CVE-2016-1403 — Improper Input Validation in Cisco IP Phone 8800 Series Firmware

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 52.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IP Phone 8800 Series Firmware

Timeline

PublishedJun 4

Latest updateMay 17

Description

CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/ip_phone_8800_series_firmware5 versions+4

🔴Vulnerability Details

GHSA

GHSA-7f7g-pwgp-7v66: CISCO IP 8800 phones with software 11↗2022-05-17

▶

CVEList

CVE-2016-1403: CISCO IP 8800 phones with software 11↗2016-06-04

▶

📋Vendor Advisories

Cisco

Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability↗2016-06-03

▶