Vulnslist

find the latest Cisco vulnerabilities

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

cisco-sa-20171115-ipp · Medium · Published · Updated

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-12305
Cisco Bug IDsCSCvf80034
CVSS ScoreBase 6.7
Base 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco IP Phone 8800 Series Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco IP Phone 8800 Series Software known_affected cisco_csaf CVE-2017-12305 1

Related Products

Product CVE Evidence
Cisco IP phone CVE-2017-12305 Cisco OpenVuln
Cisco IP Phone 8800 Series Software CVE-2017-12305 Cisco CSAF
Cisco 8000 Series Routers CVE-2017-12305 Cisco OpenVuln