CVE-2020-3161 - Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Project:Cisco
Product:Cisco IP Phones
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Description
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-3161