cbcvebase.
CVE-2020-16139
published 2020-08-12

CVE-2020-16139: A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially…

PriorityP180high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
79.77%
99.6th percentile
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information

Affected

1 ranges
VendorProductVersion rangeFixed in
ciscounified_ip_conference_station_7937g_firmware1.4.4.0 – 1.4.5.7

Detection & IOCsextracted from sources · hover to see the quote

urlPOST /localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
path/localmenus.cgi
  • Look for HTTP POST requests to /localmenus.cgi with query parameters func=609 and rphl=1 and a long repeated-byte data parameter, which is the PoC trigger for the DoS condition.
  • The server response to the exploit request contains the string 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in the body and 'application/xml' in the Content-Type header with HTTP 200 status, indicating a vulnerable device.
  • ·Cisco itself states it cannot prove this vulnerability exists; the CVE was assigned out of caution for an end-of-life product. Detection rules based on the PoC payload may produce false positives or have limited real-world applicability.
  • ·The vulnerability affects only Cisco Unified IP Conference Station 7937G firmware versions 1-4-4-0 through 1-4-5-7, which is an end-of-life product. Scope detection efforts accordingly.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.