Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability
BID:106515
CVE-2018-461 |Info
Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability
| Bugtraq ID: | 106515 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-0461 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 09 2019 12:00AM |
| Updated: | Jan 09 2019 12:00AM |
| Credit: | IoT Inspector Team and Werner Schober. |
| Vulnerable: |
Cisco IP Phone 8800 Series 12.5(1) |
| Not Vulnerable: |
Cisco IP Phone 8800 Series 12.5(1)MN515 |
Discussion
Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability
Cisco IP Phone 8800 Series are prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code within the context of the affected application.
This issue is tracked by Cisco Bug ID CSCvm95999.
Cisco IP Phone 8800 Series are prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary script code within the context of the affected application.
This issue is tracked by Cisco Bug ID CSCvm95999.
References
Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability
References:
References: