CVE-2017-12305

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.

Severity	MEDIUM
CVSS	6.7
EPSS	-
CWE	CWE-77
KEV
Published	8 years ago
Modified	1 week ago

CSAF Product Statuses

Product	Status	Source	Advisory	Rows
Cisco IP Phone 8800 Series Software	known_affected	cisco_csaf	cisco-sa-20171115-ipp	1

Related Products

Product	Advisory
Cisco IP phone	cisco-sa-20171115-ipp
Cisco IP Phone 8800 Series Software	cisco-sa-20171115-ipp
Cisco 8000 Series Routers	cisco-sa-20171115-ipp