Loading
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Use CWE-20, Cisco vendor hub and Ip Conference Phone 7832 Firmware product page to widen CVE-2020-3111 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2019-1635, CVE-2021-1379 and CVE-2019-1684 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: January 30th, 2026.