CVE-2020-16139
Published 2020-08-12
Priority: P1 · 80 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 79.77% (99.6th percentile)
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_ip_conference_station_7937g_firmware | 1.4.4.0 – 1.4.5.7 | — |
Detection & IOCs (extracted from sources)
URL: POST /localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
- Look for HTTP POST requests to /localmenus.cgi with query parameters func=609 and rphl=1 and a long repeated-byte data parameter, which is the PoC trigger for the DoS condition.
- The server response to the exploit request contains the string 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in the body and 'application/xml' in the Content-Type header with HTTP 200 status, indicating a vulnerable device.
- Cisco itself states it cannot prove this vulnerability exists; the CVE was assigned out of caution for an end-of-life product. Detection rules based on the PoC payload may produce false positives or have limited real-world applicability.
- The vulnerability affects only Cisco Unified IP Conference Station 7937G firmware versions 1-4-4-0 through 1-4-5-7, which is an end-of-life product. Scope detection efforts accordingly.
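The first indicator above, applied to access-log lines, as an added example that is not part of the original page or any vendor rule. It assumes request lines are available in combined log format from a proxy or sensor in front of the phones; the sample lines, the `MIN_RUN` threshold and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MIN_RUN = 16  # assumed cut-off for a "long" repeated-byte value

def is_repeated_byte(value, min_len=MIN_RUN):
    """True when value is a single character repeated at least min_len times."""
    return len(value) >= min_len and len(set(value)) == 1

def match_poc_request(line):
    """Return a reason string if the line matches the PoC trigger, else None."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "POST":
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != "/localmenus.cgi":
        return None
    qs = parse_qs(url.query, keep_blank_values=True)
    # Parameter order in the query string does not matter.
    if qs.get("func") != ["609"] or qs.get("rphl") != ["1"]:
        return None
    data = qs.get("data", [""])[0]
    if is_repeated_byte(data):
        return "high: PoC shape, repeated-byte data (%d bytes)" % len(data)
    # Same endpoint and parameters but different data: possible false positive.
    return "low: func=609/rphl=1 without repeated-byte data"

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Aug/2020:10:00:01 +0000] "POST /localmenus.cgi?func=609'
    '&rphl=1&data=' + "A" * 46 + ' HTTP/1.1" 200 312',
    '10.0.0.7 - - [12/Aug/2020:10:00:02 +0000] "GET /localmenus.cgi?func=609'
    '&rphl=1&data=AAAA HTTP/1.1" 200 90',
    '10.0.0.8 - - [12/Aug/2020:10:00:03 +0000] "POST /localmenus.cgi?func=403'
    '&rphl=1&data=hello HTTP/1.1" 200 90',
    '10.0.0.9 - - [12/Aug/2020:10:00:04 +0000] "POST /localmenus.cgi?rphl=1'
    '&func=609&data=status HTTP/1.1" 200 90',
]

def scan(lines):
    """Return (line_index, reason) for every matching line."""
    return [(i, r) for i, line in enumerate(lines) if (r := match_poc_request(line))]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_LOG):
        print(idx, reason)
```

The two confidence levels reflect the caveat above that payload-based rules may produce false positives; only alert on phones in the affected firmware range.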
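CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vulncheck | — | 7.5 | HIGH | — |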
GHSA
GHSA-8c2f-jx3v-cm8h: ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the
ghsa_unreviewed·2022-05-24
CVE-2020-16139 [HIGH] CWE-20 GHSA-8c2f-jx3v-cm8h
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.
VulnCheck
Cisco Unified IP Conference Station 7937G Crafted Packets Remote Denial of Service
vulncheck·2020·CVSS 7.5
Affected: Cisco unified_ip_conference_station_7937g_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remedia
No detection rules found.
Nuclei
Cisco Unified IP Conference Station 7937G - Denial-of-Service
nuclei·CVSS 7.5
Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
Template:
```yaml
id: CVE-2020-16139
info:
  name: Cisco Unified IP Conference Station 7937G - Denial-of-Service
  author: pikpikcu
  severity: high
  description: |
    Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially
```
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
- https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/
- https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
Published: 2020-08-12 · Exploited in the wild