A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Cisco
  • Ip Phone 8865 With Multiplatform Firmware
  • Ip Phone 8865
  • Unified Ip Conference Phone 8831 For Third-party Call Control
  • Ip Phone 8851 With Multiplatform Firmware
  • Ip Phone 8811 With Multiplatform Firmware
  • Wireless Ip Phone 8821 Firmware
  • Ip Phone 6851
  • Ip Phone 8811 Firmware
  • Wireless Ip Phone 8821-ex Firmware
  • Ip Phone 8845 Firmware
  • Ip Phone 6821
  • Ip Phone 7821 Firmware
  • Ip Phone 8851 Firmware
  • Ip Phone 7841 With Multiplatform Firmware
  • Ip Phone 8811
  • Ip Phone 8861 Firmware
  • Ip Phone 6841 Firmware
  • Ip Phone 7821
  • Ip Phone 8841 With Multiplatform Firmware
  • Ip Phone 8845 With Multiplatform Firmware
  • Ip Phone 8841
  • Ip Phone 7841
  • Ip Phone 6841
  • Wireless Ip Phone 8821-ex
  • Ip Conference Phone 7832
  • Ip Phone 6861
  • Ip Conference Phone 8832
  • Ip Phone 8851
  • Ip Phone 7811
  • Ip Phone 7821 With Multiplatform Firmware
  • Ip Phone 7841 Firmware
  • Ip Phone 7861
  • Ip Phone 8845
  • Ip Phone 7861 With Multiplatform Firmware
  • Ip Phone 6821 Firmware
  • Ip Conference Phone 8832 With Multiplatform Firmware
  • Ip Conference Phone 7832 Firmware
  • Ip Phone 6871 Firmware
  • Ip Phone 8861
  • Unified Ip Conference Phone 8831 Firmware
  • Ip Phone 6871
  • Ip Phone 8861 With Multiplatform Firmware
  • Ip Phone 6851 Firmware
  • Ip Phone 8841 Firmware
  • Ip Phone 7811 Firmware
  • Unified Ip Conference Phone 8831
  • Ip Conference Phone 7832 With Multiplatform Firmware
  • Ip Phone 8865 Firmware
  • Ip Phone 7861 Firmware
  • Wireless Ip Phone 8821
  • Ip Conference Phone 8832 Firmware
  • Ip Phone 6861 Firmware
  • Ip Phone 7811 With Multiplatform Firmware
  • Unified Ip Conference Phone 8831 For Third-party Call Control Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-05T00:00:00

Updated: 2020-02-05T18:06:07

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3111

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-02-05T18:15:10.783

Modified: 2020-02-07T19:43:52.957

Link: CVE-2020-3111

JSON object: View

cve-icon Redhat Information

No data.

CWE