PT-2020-2413 · Cisco · Cisco IP Phones

Published: 2020-04-15 · Updated: 2025-04-04 · CVE-2020-3161

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IP Phones versions prior to the fixed version

Description

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Recommendations

For Cisco IP Phones versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation. Avoid using the vulnerable web server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-02390
CVE-2020-3161

Affected Products

Cisco IP Phones