PT-2019-9273 · Yealink · Sip-T41P
Published: 2019-05-29 · Updated: 2019-05-31
CVE-2018-16217
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Yealink Ultra-elegant IP Phone SIP-T41P version 66.83.0.35
Description
The issue concerns the network diagnostic function, specifically the ping functionality, which is vulnerable to command injection. This allows a remote authenticated attacker to execute OS commands or establish a reverse shell.
Recommendations
For version 66.83.0.35, consider disabling the network diagnostic function, specifically the ping functionality, until a patch is available to prevent command injection attacks. Restrict access to the device to minimize the risk of exploitation by authenticated attackers.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Sip-T41P