Directory Traversal Vulnerability in Cisco 8800 Series IP Phones
CVE-2016-1434

6.5MEDIUM

Key Information:

Vendor
Cisco
Status
Ip Phone 8800 Series Firmware
Vendor
CVE Published:
23 June 2016

Summary

The Cisco 8800 Series IP Phones, running software version 11.0(1), possess a vulnerability within their license-certificate upload functionality. This flaw enables remote authenticated users to exploit the system by deleting arbitrary files through the upload of an invalid file, posing a risk to the integrity and availability of the device's data. The vulnerability is identified by Bug ID CSCuz03010.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1036139
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.