CVE-2018-0341
Summary
| CVE | CVE-2018-0341 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-16 17:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | IP Phone 6841 | - | All | All | All |
| Hardware | Cisco | IP Phone 6851 | - | All | All | All |
| Hardware | Cisco | IP Phone 7811 | - | All | All | All |
| Hardware | Cisco | IP Phone 7821 | - | All | All | All |
| Hardware | Cisco | IP Phone 7841 | - | All | All | All |
| Hardware | Cisco | IP Phone 7861 | - | All | All | All |
| Hardware | Cisco | IP Phone 8811 | - | All | All | All |
| Hardware | Cisco | IP Phone 8841 | - | All | All | All |
| Hardware | Cisco | IP Phone 8845 | - | All | All | All |
| Hardware | Cisco | IP Phone 8851 | - | All | All | All |
| Hardware | Cisco | IP Phone 8861 | - | All | All | All |
| Hardware | Cisco | IP Phone 8865 | - | All | All | All |
| Operating System | Cisco | IP Phone Multiplatform Firmware | 11.1(2) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco 6800, 7800, and 8800 Series IP Phones Input Validation Flaw in Web User Interface Lets Remote Authenticated Users Execute Arbitrary Shell Commands on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.