The decisive exposure specify by IP Phones involve the net waiter and can reserve an unauthenticated , remote assaulter to accomplish settle down privileged codification . Cisco put out security department update to fix the exposure this calendar week . While the company is cognisant of the defect being break publically ( Tenable has unfreeze a set cogent evidence - of - concept ) , it is not cognisant of the set on bogue . In the finis hebdomad , Cisco has relinquish posit for seven important vulnerability imply applications programme for WLC , Webex Network Recording Player and Webex App , Mobility Express Applications , Unified Communications Manager ( UCM ) and Aironet Series Access Points Software . An assaulter can , consequently , exploit the blemish by institutionalize a custom HTTP request to a compromise device ’s entanglement waiter . A summate of three critical vulnerability have been identified in Cisco UCS Director and UCS Director Express for Big Data , both of which have been incur in relief API . The glitch HA a order of 9.8 for CVSS . All three problem were look at with in UCS Director 6.7.4.0 and UCS Express Director 3.7.4.0 . contingent on each vulnerability can be line up on Cisco ’s internet site assistance . IP Phone 7811 , IP Phone 7811 , IP Phone 7841 and Mobile Phones 8861 , 8841 , 8845 , 8855 , 8861 and 8865 , Unified IP Conference Telephone 8831 and Wireless IP Telephone 8821 and Wireless IP Telephone 8821 and 8821 - EX are impair . glitch can short-circuit hallmark or contribute via directory assail from outside , non - authenticated aggressor . The faulting are trail as CVE-2020 - 3239 , CVE-2020 - 3240 and CVE-2020 - 3243 and are attributable to an unequal validation of the memory access ascendancy and faulty proof of the data . Six of the vulnerability may be victimized by removed unauthenticated aggressor to causa Denial of military service ( DoS ) , put to death forgery ( CSRF ) or carry on directory hybrid - situation assault . The Webex Player badger could booster cable to distant executing of codification . To secure these fault , Cisco bring out disengage computer software dapple and confirm that it is not cognisant of any remark or malicious consumption of those microbe . The bring out is supervise as CVE-2020 - 3161 , as the stimulus in HTTP quest is not validated right .