CVE-2020-3574 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-3574?

CVE-2020-3574 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3574?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Dect 210 Firmware, Cisco Ip Dect 210, Cisco Ip Dect 6825 Firmware, Cisco Ip Dect 6825, Cisco Ip Phone 8811 Firmware.

Vulnerability Description

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ip Dect 210 Firmware	< 4.8.1
Cisco	Ip Dect 210	-
Cisco	Ip Dect 6825 Firmware	< 4.8.1
Cisco	Ip Dect 6825	-
Cisco	Ip Phone 8811 Firmware	< 11.3.2
Cisco	Ip Phone 8811	-
Cisco	Ip Phone 8841 Firmware	< 11.3.2
Cisco	Ip Phone 8841	-
Cisco	Ip Phone 8851 Firmware	< 11.3.2
Cisco	Ip Phone 8851	-
Cisco	Ip Phone 8861 Firmware	< 11.3.2
Cisco	Ip Phone 8861	-
Cisco	Unified Ip Conference Phone 8831 Firmware	9.3\(4\)
Cisco	Unified Ip Conference Phone 8831	-
Cisco	Webex Room Phone Firmware	< 1.2.0
Cisco	Webex Room Phone	-

Related Weaknesses (CWE)

CWE-371

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vPatchVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vPatchVendor Advisory

FAQ

What is CVE-2020-3574?

CVE-2020-3574 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected ca...

How severe is CVE-2020-3574?

CVE-2020-3574 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3574?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Dect 210 Firmware, Cisco Ip Dect 210, Cisco Ip Dect 6825 Firmware, Cisco Ip Dect 6825, Cisco Ip Phone 8811 Firmware.