The critical vulnerability fixed by Cisco affects IP Phones and resides on the webserver, the flaw could be exploited by a remote, unauthenticated attacker to execute code with root privileges. The flaw, tracked as CVE-2020-3161, has been rated as a critical severity and received a CVSS score of 9.8.
“A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.” reads the advisory published by Cisco.
“The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.”
The CVE-2020-3161 vulnerability is caused by the improper validation of HTTP requests, an attacker could exploit the issue by sending a crafted HTTP request to the web server of the vulnerable IP Phones.
“An unauthenticated remote attacker can trigger a stack-based buffer overflow by sending a crafted HTTP request to the /deviceconfig/setActivationCode endpoint.” reads the analysis published by Tenable, the company that reported the vulnerability.
“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer.”
Tenable also published a denial of service proof of concept for this issue on GitHub.
The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device:
Cisco pointed out that it is not aware of attacks exploiting the flaw in attacks in the wild.
Cisco also fixed three critical vulnerabilities, tracked CVE-2020-3239, CVE-2020-3240, and CVE-2020-3243, in Cisco UCS Director and UCS Director Express for Big Data. The flaws affect the REST API and could be exploited by a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.
“Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.” reads the advisory published by Cisco.
The issues exist due to insufficient access control validation and improper input validation. Cisco addressed the flaw by releasing UCS Director 6.7.4.0 and UCS Director Express for Big Data 3.7.4.0.
Cisco also addressed several high severity flaws affecting Wireless LAN Controller (WLC) Software, Webex Network Recording Player and Webex Player, Mobility Express Software, IoT Field Network Director, Unified Communications Manager (UCM) and UCM Session Management Edition (SME), and Aironet Series Access Points Software.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – IP Phones, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.