Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2020-00791

Опубликовано: 05 фев. 2020
Источник: fstec
CVSS3: 8.8
CVSS2: 8.3
EPSS Низкий

Описание

Уязвимость реализации протокола Cisco Discovery микропрограммного обеспечения IP-телефонов Cisco IP существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с привилегиями root или вызвать перезагрузку уязвимого IP-телефона

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco IP Conference Phone 7832
IP Conference Phone 7832 with Multiplatform
Cisco IP Conference Phone 8832
Cisco IP Conference Phone 8832 with Multiplatform
Cisco IP Phone 6821 with Multiplatform
Cisco IP Phone 6841 with Multiplatform
Cisco IP Phone 6861 with Multiplatform
Cisco IP Phone 6871 with Multiplatform
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 7811 with Multiplatform
Cisco IP Phone 7821 with Multiplatform
Cisco IP Phone 7841 with Multiplatform
Cisco IP Phone 7861 with Multiplatform
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8851
Cisco IP Phone 8861
Cisco IP Phone 8845
Cisco IP Phone 8865
Cisco IP Phone 8811 with Multiplatform
Cisco IP Phone 8841 with Multiplatform
Cisco IP Phone 8851 with Multiplatform
Cisco IP Phone 8861 with Multiplatform
Cisco IP Phone 8845 with Multiplatform
Cisco IP Phone 8865 with Multiplatform
Cisco Unified IP 8831 Conference Phone
Cisco IP Phone 8821
Cisco IP Phone 8821-EX

Версия ПО

до 12.7(1) (Cisco IP Conference Phone 7832)
до 11.3(1)SR1 (IP Conference Phone 7832 with Multiplatform)
до 12.7(1) (Cisco IP Conference Phone 8832)
до 11.3(1)SR1 (Cisco IP Conference Phone 8832 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 6821 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 6841 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 6861 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 6871 with Multiplatform)
до 12.7(1) (Cisco IP Phone 7811)
до 12.7(1) (Cisco IP Phone 7821)
до 12.7(1) (Cisco IP Phone 7841)
до 12.7(1) (Cisco IP Phone 7861)
до 11.3(1)SR1 (Cisco IP Phone 7811 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 7821 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 7841 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 7861 with Multiplatform)
до 12.7(1) (Cisco IP Phone 8811)
до 12.7(1) (Cisco IP Phone 8841)
до 12.7(1) (Cisco IP Phone 8851)
до 12.7(1) (Cisco IP Phone 8861)
до 12.7(1) (Cisco IP Phone 8845)
до 12.7(1) (Cisco IP Phone 8865)
до 11.3(1)SR1 (Cisco IP Phone 8811 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 8841 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 8851 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 8861 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 8845 with Multiplatform)
до 11.3(1)SR1 (Cisco IP Phone 8865 with Multiplatform)
до 10.3(1)SR6 (Cisco Unified IP 8831 Conference Phone)
до 11.0(5)SR2 (Cisco IP Phone 8821)
до 11.0(5)SR2 (Cisco IP Phone 8821-EX)

Тип ПО

Прикладное ПО информационных систем
ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 8,3)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 8,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 46%
0.00234
Низкий

8.8 High

CVSS3

8.3 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2020-3111

CVSS3: 8.8
nvd
около 6 лет назад

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

github логотип

GHSA-w6xx-2hjv-77cm

github
больше 3 лет назад

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

EPSS

Процентиль: 46%
0.00234
Низкий

8.8 High

CVSS3

8.3 High

CVSS2