PT-2016-4784 · Cisco · Cisco 8800
Published: 2016-06-23 · Updated: 2016-11-30 · CVE-2016-1434
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cisco 8800 phones version 11.0(1)
Description
The issue concerns the license-certificate upload functionality, which allows remote authenticated users to delete arbitrary files by uploading an invalid file.
Recommendations
For version 11.0(1), consider restricting access to the license-certificate upload functionality until a fix is available. As a temporary workaround, limit the ability of remote authenticated users to upload files to prevent potential exploitation.
Fix
RCE
Path traversal
Related Identifiers
Affected Products
Cisco 8800