PT-2019-1722 · Cisco · Cisco IP Conference Phone 8831 +4
Published: 2019-03-20 · Updated: 2019-10-09
CVE-2019-1716
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco IP Phone 8800 versions prior to 12.5(1)SR1
Cisco IP Phone 7800 versions prior to 12.5(1)SR1
Cisco IP Phone 8821 versions prior to 11.0(4)SR3
Cisco IP Phone 8821-EX versions prior to 11.0(4)SR3
Cisco IP Conference Phone 8831 versions prior to 10.3(1)SR5
Description
The issue is related to insufficient validation of user-supplied input during authentication in the web-based management interface of Cisco IP Phones. This could allow a remote attacker to cause a denial of service condition or execute arbitrary code. An attacker could exploit this by connecting to an affected device using HTTP and supplying malicious user credentials, potentially triggering a reload of the device or executing code with the privileges of the app user.
Recommendations
For Cisco IP Phone 8800 versions prior to 12.5(1)SR1, update to version 12.5(1)SR1 or later.
For Cisco IP Phone 7800 versions prior to 12.5(1)SR1, update to version 12.5(1)SR1 or later.
For Cisco IP Phone 8821 versions prior to 11.0(4)SR3, update to version 11.0(4)SR3 or later.
For Cisco IP Phone 8821-EX versions prior to 11.0(4)SR3, update to version 11.0(4)SR3 or later.
For Cisco IP Conference Phone 8831 versions prior to 10.3(1)SR5, update to version 10.3(1)SR5 or later.
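As an added example (not part of the original advisory), the following script triages a phone inventory against the fixed releases listed above. The family keys, the sample inventory, and the assumption that firmware strings have the form major.minor(maintenance) with an optional SR suffix are this example's own.

```python
import re

# Fixed releases copied from the recommendations above.
# Family keys are this example's labels; an 8821 must be keyed as "8821",
# not "8800", because the advisory gives it a different fixed release.
FIXED = {
    "8800": "12.5(1)SR1",
    "7800": "12.5(1)SR1",
    "8821": "11.0(4)SR3",
    "8821-EX": "11.0(4)SR3",
    "8831": "10.3(1)SR5",
}

# Assumed format: major.minor(maintenance) followed by an optional SR<n>.
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '12.5(1)SR1' into the comparable tuple (12, 5, 1, 1)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint), int(sr or 0))  # no SR sorts first

def is_affected(family, version):
    """True if version is earlier than the fixed release for family."""
    return parse_version(version) < parse_version(FIXED[family])

def triage(inventory):
    """Return (host, family, version, status) rows: AFFECTED, OK or REVIEW."""
    results = []
    for host, family, version in inventory:
        try:
            status = "AFFECTED" if is_affected(family, version) else "OK"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown family or unparsable string: check by hand
        results.append((host, family, version, status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("phone-01", "8800", "12.1(1)SR1"),
    ("phone-02", "7800", "12.5(1)SR1"),
    ("phone-03", "8821", "11.0(4)SR2"),
    ("phone-04", "8831", "10.3(1)SR5"),
    ("phone-05", "8821-EX", "11.0(4)"),
    ("phone-06", "8800", "sip88xx.12-5-1SR1-4"),
]
```

Rows marked REVIEW are never reported as OK, so a firmware string in an unexpected format cannot hide an unpatched device.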
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Cisco IP Conference Phone 8831
Cisco IP Phone 7800
Cisco IP Phone 8800
Cisco IP Phone 8821
Cisco IP Phone 8821-EX