Exposures › CVE-2020-3161
CVE-2020-3161
Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
⚡ RCE
⌖ exploited in the wild
shame 65/100
rceexploited-in-wild
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Players implicated
Description
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Affected FedRAMP products 8 in the catalog
| Product | Provider | Status | Match |
|---|---|---|---|
| Cisco Cloudlock for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Cisco Meraki for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco SD-WAN for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Umbrella for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Duo Federal | Duo Security (A Cisco Company) | Authorized | dex-judge · 0.95 |
| WebEx Contact Center Enterprise for Government (WxCCE-G) | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Webex for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |