CVE-2017-12305
Summary
| CVE | CVE-2017-12305 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-16 07:29:00 UTC |
| Updated | 2019-10-09 23:22:00 UTC |
| Description | A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Ip Phone 8800 Series Firmware | All | All | All | All |
| Operating System | Cisco | Ip Phone 8800 Series Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IP Phone 8800 Series CVE-2017-12305 Local Command Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco IP Phone 8800 Series Input Validation Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.