PT-2018-8769 · Cisco · Cisco IP Phone 7800 +2

Published: 2018-07-16 · Updated: 2019-10-09 · CVE-2018-0341

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware versions prior to 11.2(1)

Description: The issue is related to insufficient input validation in the web-based UI, allowing an authenticated, remote attacker to perform command injection and execute commands with the privileges of the web server. This can be achieved by including arbitrary shell commands in a specific user input field.

Recommendations: For versions prior to 11.2(1), update to version 11.2(1) or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based UI to minimize the risk of exploitation. Avoid using arbitrary shell commands in user input fields until the issue is resolved.

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-0341

Affected Products

Cisco IP Phone 6800
Cisco IP Phone 7800
Cisco IP Phone 8800