CVE-2020-3111

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Published: Feb 5, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3111
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / ip_conference_phone_7832_firmware	-	12.7\(1\)
cisco / ip_conference_phone_7832_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_conference_phone_8832_firmware	-	12.7\(1\)
cisco / ip_conference_phone_8832_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_6821_firmware	-	11.3\(1\)sr1
cisco / ip_phone_6841_firmware	-	11.3\(1\)sr1
cisco / ip_phone_6851_firmware	-	11.3\(1\)sr1
cisco / ip_phone_6861_firmware	-	11.3\(1\)sr1
cisco / ip_phone_6871_firmware	-	11.3\(1\)sr1
cisco / ip_phone_7811_firmware	-	12.7\(1\)
cisco / ip_phone_7811_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_7821_firmware	-	12.7\(1\)
cisco / ip_phone_7821_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_7841_firmware	-	12.7\(1\)
cisco / ip_phone_7841_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_7861_firmware	-	12.7\(1\)
cisco / ip_phone_7861_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8811_firmware	-	12.7\(1\)
cisco / ip_phone_8811_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8841_firmware	-	12.7\(1\)
cisco / ip_phone_8841_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8851_firmware	-	12.7\(1\)
cisco / ip_phone_8851_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8861_firmware	-	12.7\(1\)
cisco / ip_phone_8861_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8845_firmware	-	12.7\(1\)
cisco / ip_phone_8845_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / ip_phone_8865_firmware	-	12.7\(1\)
cisco / ip_phone_8865_with_multiplatform_firmware	-	11.3\(1\)sr1
cisco / unified_ip_conference_phone_8831_firmware	-	10.3\(1\)sr6
cisco / wireless_ip_phone_8821_firmware	-	11.0\(5\)sr2
cisco / wireless_ip_phone_8821-ex_firmware	-	11.0\(5\)sr2

Vulnerability Database

289,782

CVE-2020-3111