Command Injection Vulnerability in Cisco IP Phone 8800 Series
CVE-2017-12305

6.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Ip Phone 8800 Series
Vendor: CVE Published:; 16 November 2017

What is CVE-2017-12305?

A security vulnerability exists in the debug interface of Cisco IP Phone 8800 series devices, allowing an authenticated local attacker to perform command injection. This occurs due to inadequate input validation, enabling the attacker to execute arbitrary commands after gaining access to the device's debug shell. Proper implementation of input validation measures is essential to mitigate this risk and enhance the security of the affected products.