ip_phone_multiplatform_firmware

0Vulnerabilities found

CVE-2018-0341

Assigner-Cisco Systems, Inc.

View Details

Assigner-Cisco Systems, Inc.

CVSS Score-8.8||HIGH

EPSS-3.14% / 86.35%

7 Day CHG~0.00%

Published-16 Jul, 2018 | 17:00

Updated-29 Nov, 2024 | 14:55

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

Vendor-n/a Cisco Systems, Inc.

Product-ip_phone_8841 ip_phone_8865 ip_phone_multiplatform_firmware ip_phone_7811 ip_phone_7861 ip_phone_8851 ip_phone_8861 ip_phone_6851 ip_phone_7821 ip_phone_8845 ip_phone_7841 ip_phone_8811 ip_phone_6841 Cisco IP Phone 6800, 7800, and 8800 unknown

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

N/A

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -