HIGHβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2020-3574

CVSS 7.5v3.1pub. 2020-11-06upd. 2024-11-21

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Cisco Ip Dect 210

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Dect 210 Firmware

    OS
    Cisco
    < 4.8.1
  • Cisco Ip Dect 6825

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Dect 6825 Firmware

    OS
    Cisco
    < 4.8.1
  • Cisco Ip Phone 8811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8811 Firmware

    OS
    Cisco
    < 11.3.2
  • Cisco Ip Phone 8841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8841 Firmware

    OS
    Cisco
    < 11.3.2
  • Cisco Ip Phone 8851

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8851 Firmware

    OS
    Cisco
    < 11.3.2
  • Cisco Ip Phone 8861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8861 Firmware

    OS
    Cisco
    < 11.3.2
  • Cisco Unified Ip Conference Phone 8831

    HW
    Cisco
    wszystkie wersje
  • Cisco Unified Ip Conference Phone 8831 Firmware

    OS
    Cisco
    9.3\(4\)
  • Cisco Webex Room Phone

    HW
    Cisco
    wszystkie wersje
  • Cisco Webex Room Phone Firmware

    OS
    Cisco
    < 1.2.0
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2020-3161CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execu...

CVE-2023-20079CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2023-20078CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2025-20350HIGH7.5ten sam produkt

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco ...

CVE-2024-20376HIGH7.5ten sam produkt

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticate...

CVE-2020-3574 β€” Cisco β€” Ip Dect 210 β€” HIGH β€” CVSS 7.5 | CVEbaza.pl