How to fix CVE-2020-37153?

Within 24 hours: Identify all systems running ASTPP 4.0.1 and assess their network exposure; disable plugin management and SIP device configuration interfaces if not actively required. Within 7 days: Implement WAF rules to block exploitation attempts targeting vulnerable endpoints; apply input validation and output encoding controls; conduct threat hunting for signs of exploitation. Within 30 days: Evaluate upgrading to patched ASTPP version or alternative VoIP platform; if upgrade unavailable, establish compensating controls including network segmentation, access controls, and enhanced monitoring.

Is Aws affected by CVE-2020-37153?

ASTPP 4.0.1 contains critical vulnerabilities (CVSS 9.8) affecting SIP device configuration and plugin management that could allow attackers to execute arbitrary commands or inject malicious code.

CVE-2020-37153

CRITICAL

2026-02-11 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 20, 2026 - 20:22 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 21:16 nvd

CRITICAL 9.8

Description

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

Analysis

Multiple vulnerabilities in ASTPP 4.0.1 including XSS and command injection in SIP device configuration and plugin management. PoC available.

Technical Context

CWE-79 and command injection in ASTPP, an open-source VoIP billing platform.

Affected Products

['ASTPP 4.0.1']

Remediation

Update ASTPP.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: +20

CVE-2020-37153 vulnerability details – vuln.today

Back

CVE-2020-37153

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37153

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code