CVE-2020-16137

Published: 12/08/2020 Updated: 17/05/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows malicious users to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.

Vulnerable Product

cisco unified ip conference station 7937g firmware

Exploits

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below ...
Cisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit ...

Github Repositories

Proofs of concept for three vulnerabilities affecting the Cisco 7937G Conference Station

Cisco-7937G-PoCs

All-In-One: This script will allow you to test all three of the vulnerabilities present in the 7937G device. It will require you to have the following Python modules installed: Paramiko, Requests, Random, String.

cve_2020_16137, cve_2020_16138, cve_2020_16139: These scripts are

This exploit is an all-in-one tool for Cisco 7937G

Cisco-7937G-All-In-One-Exploiter

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below