A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
2020-04-15T20:15:15.097
2025-02-24T16:14:27.920
Analyzed
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ip_phone_8865_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8865_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8865_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8865 | - | No |
| Operating System | cisco | ip_phone_8851_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8851_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8851_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8851 | - | No |
| Operating System | cisco | ip_phone_7841_firmware | 11.0\(1\) | Yes |
| Hardware | cisco | ip_phone_7841 | - | No |
| Operating System | cisco | ip_phone_7821_firmware | 11.0\(1\) | Yes |
| Hardware | cisco | ip_phone_7821 | - | No |
| Operating System | cisco | ip_phone_8811_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8811_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8811_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8811 | - | No |
| Operating System | cisco | ip_phone_8861_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8861_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8861_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8861 | - | No |
| Operating System | cisco | ip_phone_8845_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8845_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8845_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8845 | - | No |
| Operating System | cisco | ip_phone_7861_firmware | 11.0\(1\) | Yes |
| Hardware | cisco | ip_phone_7861 | - | No |
| Operating System | cisco | ip_phone_8841_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8841_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8841_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8841 | - | No |
| Operating System | cisco | ip_phone_7811_firmware | 11.0\(1\) | Yes |
| Hardware | cisco | ip_phone_7811 | - | No |
| Operating System | cisco | ip_phone_8821_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8821_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8821_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8821 | - | No |
| Operating System | cisco | ip_phone_8821-ex_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | ip_phone_8821-ex_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | ip_phone_8821-ex_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | ip_phone_8821-ex | - | No |
| Operating System | cisco | 8831_firmware | 10.3\(1\)es14 | Yes |
| Operating System | cisco | 8831_firmware | 11.0\(1\) | Yes |
| Operating System | cisco | 8831_firmware | 11.0\(5\)sr1 | Yes |
| Hardware | cisco | 8831 | - | No |