Command Injection Vulnerability in Cisco IP 8800 Phones
CVE-2016-1403

7.8HIGH

Key Information:

Vendor: Cisco
Status: Ip Phone 8800 Series Firmware
Vendor: CVE Published:; 4 June 2016

Summary

Cisco IP 8800 phones with software versions up to and including 11.0.1 are susceptible to a command injection vulnerability that allows local users to execute arbitrary OS commands via specially crafted command-line interface (CLI) inputs. This flaw could potentially compromise the integrity of device operations and lead to unauthorized access. It has been documented as Bug ID CSCuz03005, and it's crucial for users to assess their systems and apply available patches to mitigate this risk. Refer to the Cisco Security Advisory for further details.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2016
Vulnerability Reserved
Jan 4, 2016