Ip Phone 8800 Series Firmware
CVE-2016-1435
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
AnalysisAI
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Rated high severity (CVSS 7.0). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Affected products include: Cisco Ip Phone 8800 Series Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute co
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to exe
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated user
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated u
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today