CVE-2016-1435

Published on: 06/22/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ip Phone 8800 from Cisco contain the following vulnerability:

Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.

  • CVE-2016-1435 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL HIGH LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.2 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL HIGH NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Cisco 8800 Series IP Phones Access Permission Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036138
Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability Vendor Advisory
tools.cisco.com
text/html
URL Logo CISCO 20160620 Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareCiscoIp Phone 8800AllAllAllAll
HardwareCiscoIp Phone 8800AllAllAllAll
Operating
System
CiscoIp Phone 8800 Series Firmware11.0\(1\)AllAllAll
Operating
System
CiscoIp Phone 8800 Series Firmware11.0\(1\)AllAllAll
  • cpe:2.3:h:cisco:ip_phone_8800:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:ip_phone_8800:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\(1\):*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\(1\):*:*:*:*:*:*:*: