Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director. The flaws are caused by the improper validation of HTTP requests, an attacker could exploit the issue by sending a crafted request to the web server of the vulnerable device. The flaw, tracked as CVE-2020-3161, has been rated as a critical severity and received a CVSS score of 9.8. The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device.”]
Source: https://securityaffairs.co/wordpress/101790/security/cisco-phones-ucs-director-flaws.html

