CVE-2020-3574
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
Una vulnerabilidad en la funcionalidad TCP packet processing de Cisco IP Phones, podría permitir a un atacante remoto no autenticado causar que el teléfono dejara de responder a las llamadas entrantes, abandonara las llamadas conectadas o se recargara inesperadamente. La vulnerabilidad es debido a una limitación insuficiente de la tasa de paquetes de entrada TCP. Un atacante podría explotar esta vulnerabilidad mediante el envío una tasa alta y sostenida de tráfico TCP diseñado hacia el dispositivo apuntado. Una explotación con éxito podría permitir al atacante afectar las operaciones del teléfono o hacer que el teléfono se recargue, dando lugar a una condición de denegación de servicio (DoS)
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2019-12-12 CVE Reserved
- 2020-11-06 CVE Published
- 2023-07-23 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-371: State Issues
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ip Dect 210 Firmware Search vendor "Cisco" for product "Ip Dect 210 Firmware" | < 4.8.1 Search vendor "Cisco" for product "Ip Dect 210 Firmware" and version " < 4.8.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Dect 210 Search vendor "Cisco" for product "Ip Dect 210" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Dect 6825 Firmware Search vendor "Cisco" for product "Ip Dect 6825 Firmware" | < 4.8.1 Search vendor "Cisco" for product "Ip Dect 6825 Firmware" and version " < 4.8.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Dect 6825 Search vendor "Cisco" for product "Ip Dect 6825" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware" | < 11.3.2 Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 11.3.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware" | < 11.3.2 Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 11.3.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware" | < 11.3.2 Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 11.3.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware" | < 11.3.2 Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 11.3.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 Firmware Search vendor "Cisco" for product "Unified Ip Conference Phone 8831 Firmware" | 9.3\(4\) Search vendor "Cisco" for product "Unified Ip Conference Phone 8831 Firmware" and version "9.3\(4\)" | servicerelease3 |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 Search vendor "Cisco" for product "Unified Ip Conference Phone 8831" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Webex Room Phone Firmware Search vendor "Cisco" for product "Webex Room Phone Firmware" | < 1.2.0 Search vendor "Cisco" for product "Webex Room Phone Firmware" and version " < 1.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Webex Room Phone Search vendor "Cisco" for product "Webex Room Phone" | - | - |
Safe
|