CVE-2020-3161

Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition. Vendor/Product: Cisco Cisco IP Phones. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.