CVE-2020-3574— Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-3574
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
状态问题
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IP Phone 8800 Series和Cisco IP Phone 7800 Series 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IP Phone 8800 Series和Cisco IP Phone 7800 Series都是美国思科(Cisco)公司的产品。Cisco IP Phone 8800 Series是一款8800系列的IP电话。Cisco IP Phone 7800 Series是一款7800系列IP电话。 Cisco IP Phone 存在安全漏洞,该漏洞可导致致命错误,进而导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware | n/a | - |
II. Public POCs for CVE-2020-3574
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-3574
Please Login to view more intelligence information
Same Patch Batch · Cisco · 2020-11-06 · 27 CVEs total
| CVE-2020-3603 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3600 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3595 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3594 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3593 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3604 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3573 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3556 | 7.3 HIGH | Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability |
| CVE-2020-3588 | 7.3 HIGH | Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability |
| CVE-2020-27129 | 6.7 MEDIUM | Cisco SD-WAN vManage Software Command Injection Vulnerability |
| CVE-2020-26084 | 6.5 MEDIUM | Cisco Edge Fog Fabric Resource Exposure Vulnerability |
| CVE-2020-3592 | 6.5 MEDIUM | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability |
| CVE-2020-27128 | 6.5 MEDIUM | Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability |
| CVE-2020-3587 | 6.4 MEDIUM | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3590 | 6.4 MEDIUM | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3371 | 6.3 MEDIUM | Cisco Integrated Management Controller Command Injection Vulnerability |
| CVE-2020-3551 | 6.1 MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-27123 | 5.5 MEDIUM | Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability |
| CVE-2020-26083 | 4.8 MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-27121 | 4.3 MEDIUM | Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerabili |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco IP Phones with Multiplatform Firmware
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido IDOR漏洞致用户隐私泄露 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-371
- CVE-2024-20455
Cisco IOS XE Software 安全漏洞 - CVE-2020-3422
Cisco IOS XE Software IP Service Level Agreements Denial of - CVE-2020-3385
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability - CVE-2020-3200
Cisco IOS and IOS XE Software Secure Shell Denial of Service - CVE-2019-1977
Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf
V. Comments for CVE-2020-3574
No comments yet