Vulnslist

find the latest Cisco vulnerabilities

Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability

cisco-sa-20160603-ipp · Medium · Published · Updated

A vulnerability in a command-line interface (CLI) utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to execute operating system commands and escalate privileges to increase the level of access to the targeted system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1403
Cisco Bug IDsCSCuz03005
CVSS ScoreBase 6.8
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco IP Phone 8800 Series Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco IP Phone 8800 Series Software known_affected cisco_csaf CVE-2016-1403 1

Related Products

Product CVE Evidence
Cisco IP phone CVE-2016-1403 Cisco OpenVuln
Cisco IP Phone 8800 Series Software CVE-2016-1403 Cisco CSAF
Cisco 8000 Series Routers CVE-2016-1403 Cisco OpenVuln