CVE-2020-3111

Published Feb 5, 2020
Last updated 5 years ago
Overview

Description: A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Source: ykramarz@cisco.com
NVD status: Analyzed
Hype score: Not currently trending
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 3.0

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-20
ykramarz@cisco.com: CWE-20
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C412D40-7E0A-4FF1-9D07-21117B915509",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A2F31BA-AF80-4C21-9FD0-A0DB1D304024",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6158B805-6515-4DC3-AB76-1D2F7036492F",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8096985-5813-4098-BF38-FD09CB2ACBFA",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327BB99F-F398-49C3-83A2-DE8392F13A51",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1021FD6B-50A7-40E1-8081-F7BD80777E75",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CEB6D52-F968-4D81-A0E0-F9E81CCBF1AF",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E38A06CF-5C29-47EA-8E63-45DED1085864",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F94AED70-743C-4764-A342-5503649852CF",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80C0B9B7-C7F6-4FF8-9CDD-F823516C0F31",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A4A4B0F-3A7C-4EE9-A6ED-4C1E1C4AAD57",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEE05ACF-E50D-478A-B24D-5DFDADAC14C1",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6DB7E94-661F-4447-9338-1BCB46CCE665",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F3968E7-EFA1-42FF-B62B-8D76B1F9AE70",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AF864D9-B587-4FCE-BEB2-9A1EC49DF8F7",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25CEB9EC-D645-4EFE-AAC3-8EAB120B654F",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "801FD445-7410-457C-98CC-F839427CEBD4",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21B5DDF7-4B8D-4E26-B816-1981F29B35AA",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BE38659-4111-4D7D-8B6C-54B7D28EE5A9",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C25A9EF-0963-4BEA-9183-B21CA2871C03",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F64960C-05A6-4150-9307-8890F617B077",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1498AAB-2129-48F0-9985-60667F4484E4",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D85F9FDA-AA2E-4E40-A4C0-086ABA8CC238",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDC48168-00E4-44F4-82A0-AB3A3F12E934",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6487419F-6DC3-4606-87B3-B429314E00D4",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13C4E4FC-0B10-4447-8EF6-9D82C833DA20",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31CC8824-E700-4D80-9F96-5076D4DA7816",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A8762CE-FDC4-4C8B-BA64-8867711CDB46",
            "versionEndExcluding": "12.7\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECD950B5-786D-4C9C-BB33-3F9DF41891F6",
            "versionEndExcluding": "11.3\\(1\\)sr1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9495099-FC90-46E7-8B86-1BC8B9B055B5",
            "versionEndExcluding": "10.3\\(1\\)sr6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5699693-DBEC-429F-B67E-0B1625818FAB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA7AA843-E37E-42A0-BD4C-9710BDD50D9B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20E2DFB-CBEB-4A0A-B099-3D5C7A973EC9",
            "versionEndExcluding": "11.0\\(5\\)sr2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F97DF354-7690-417E-B223-72C8BDA36DA7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A40EB66A-AEA5-449A-B025-996882A25DC9",
            "versionEndExcluding": "11.0\\(5\\)sr2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Social media

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References
