CVE-2020-3111

Name of the Vulnerable Software and Affected Versions Cisco IP Phone (affected versions not specified)

Description The issue is due to insufficient input validation in the Cisco Discovery Protocol implementation, allowing an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a reload of the affected IP phone. This can be achieved by sending a crafted Cisco Discovery Protocol packet to the targeted device. The vulnerability exploits missing checks when processing Cisco Discovery Protocol messages, potentially resulting in a denial of service (DoS) condition. The attacker must be in the same broadcast domain as the affected device to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.