Command Injection Vulnerability in Cisco IP Phone 8800 Series
CVE-2017-12305

6.7 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 16 November 2017

Summary

A security vulnerability exists in the debug interface of Cisco IP Phone 8800 series devices, allowing an authenticated local attacker to perform command injection. This occurs due to inadequate input validation, enabling the attacker to execute arbitrary commands after gaining access to the device's debug shell. Proper implementation of input validation measures is essential to mitigate this risk and enhance the security of the affected products.

Affected Version(s)

Cisco IP Phone 8800 Series

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
