PT-2020-4643 · Cisco · Cisco Ip Phone

Published: 2020-11-04 · Updated: 2020-11-24 · CVE-2020-3574

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone (affected versions not specified)

Description

The issue is related to errors in state management in the TCP packet processing functionality of Cisco IP Phones, which could allow a remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. This is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this by sending a high and sustained rate of crafted TCP traffic to the targeted device, potentially leading to a denial of service (DoS) condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-05195
CVE-2020-3574

Affected Products

Cisco Ip Phone