Improper Filesystem Permissions in Cisco 8800 Series IP Phones
CVE-2016-1435

7HIGH

Key Information:

Vendor: Cisco
Status: Ip Phone 8800 Series Firmware
Vendor: CVE Published:; 23 June 2016

What is CVE-2016-1435?

The Cisco 8800 Series IP Phones running software version 11.0(1) contain a vulnerability that allows local users to write to arbitrary files due to inadequate enforcement of filesystem permissions. This flaw could be exploited by an attacker who has shell access, leading to potential unauthorized access and modification of critical system files. Organizations using these devices should ensure appropriate security measures are in place to mitigate the risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1036138

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2016
Vulnerability Reserved
Jan 4, 2016