CVE-2020-16139
HIGH EXPLOITED NUCLEI
Cisco Unified IP Conference Station 7937G - DoS
Title source: llm
Exploitation Summary
CVE-2020-16139 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely by sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.
Nuclei Templates (1)
Cisco Unified IP Conference Station 7937G - Denial-of-Service
HIGH, by pikpikcu
References (3)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
Exploit, Third Party Advisory x_refsource_misc
https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/
Vendor Advisory x_refsource_misc
https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
Scores
CVSS v3: 7.5
EPSS: 0.7945
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2025-06-08
Status: published
Products (1)
cisco/unified_ip_conference_station_7937g_firmware: 1.4.4.0 - 1.4.5.7
Published: Aug 12, 2020
Tracked Since: Feb 18, 2026