QwikSec

Security Database

CVE

CWE

Training

CVE-2018-0341

Published: Jul 16, 2018

Modified: Nov 29, 2024

PUBLISHED

Description

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

Vendor	Product	Versions
n/a	Cisco IP Phone 6800, 7800, and 8800 unknown	affected `Cisco IP Phone 6800, 7800, and 8800 unknown`

Weaknesses (CWE)

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.