CVE-2020-3574
Description
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.181
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability For Cisco IP Phone 8800 Series with Multiplatform Firmware | NCM |
| Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability For | NCM |
| Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability For Cisco Small Business IP Phones | NCM |
| CVE-2020-3574 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705298 | Security Update for Cisco IP Phone 8800 Series with Multiplatform Firmware 11.3(3)MPP1.377 |
| PATCH-1706026 | Security Update for CAF-1.2.0.0 |
| PATCH-1705095 | Security Update for Cisco Small Business IP Phones 7.6(2)SR6 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234