← Back

CVE-2018-0341

nvd nist
Published: Jul 16, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

Affected (1)

Cisco
1 product
Ip Phone Multiplatform Firmware
Configuration A
1 vulnerable · 12 platform
Vulnerable SoftwareAffected Versions
Ip Phone Multiplatform Firmware
Version 11.1(2)
Running on/withPlatform Versions
Cisco
Ip Phone 6841
All versions
Cisco
Ip Phone 6851
All versions
Cisco
Ip Phone 7811
All versions
Cisco
Ip Phone 7821
All versions
Cisco
Ip Phone 7841
All versions
Cisco
Ip Phone 7861
All versions
Cisco
Ip Phone 8811
All versions
Cisco
Ip Phone 8841
All versions
Cisco
Ip Phone 8845
All versions
Cisco
Ip Phone 8851
All versions
Cisco
Ip Phone 8861
All versions
Cisco
Ip Phone 8865
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.