Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-3574
HistoryNov 06, 2020 - 7:15 p.m.

CVE-2020-3574

2020-11-0619:15:14
CWE-371
[email protected]
web.nvd.nist.gov
28
2
cisco
ip phones
tcp
vulnerability
dos
nvd
cve-2020-3574

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.

Affected configurations

NVD
Node
ciscoip_dect_210_firmwareRange<4.8.1
AND
ciscoip_dect_210Match-
Node
ciscoip_dect_6825_firmwareRange<4.8.1
AND
ciscoip_dect_6825Match-
Node
ciscoip_phone_8811_firmwareRange<11.3.2
AND
ciscoip_phone_8811Match-
Node
ciscoip_phone_8841_firmwareRange<11.3.2
AND
ciscoip_phone_8841Match-
Node
ciscoip_phone_8851_firmwareRange<11.3.2
AND
ciscoip_phone_8851Match-
Node
ciscoip_phone_8861_firmwareRange<11.3.2
AND
ciscoip_phone_8861Match-
Node
ciscounified_ip_conference_phone_8831_firmwareMatch9.3\(4\)servicerelease3
AND
ciscounified_ip_conference_phone_8831Match-
Node
ciscowebex_room_phone_firmwareRange<1.2.0
AND
ciscowebex_room_phoneMatch-

CNA Affected

[
  {
    "product": "Cisco IP Phones with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

Related

prion 1
cisco 1
nessus 1
cvelist 1
nvd 1
threatpost 1
prion
prion
Race condition
2020-11-06 19:15:00
cisco
cisco
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
2020-11-04 16:00:00
nessus
nessus
Cisco IP Phones TCP Packet Flood Denial of Service (CVE-2020-3574)
2024-03-18 00:00:00
cvelist
cvelist
CVE-2020-3574 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
2020-11-04 00:00:00
nvd
nvd
CVE-2020-3574
2020-11-06 19:15:14
threatpost
threatpost
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
2020-11-05 15:16:26

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON
Related for CVE-2020-3574
prion1cisco1nessus1cvelist1nvd1threatpost1