CVE-2016-1435 — Cisco IP Phone 8800 Series Firmware vulnerability

CWE-2644 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.2%

top 61.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IP Phone 8800 Series Firmware

Timeline

PublishedJun 23

Latest updateMay 17

Description

Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/ip_phone_8800_series_firmware11.0\(1\)

🔴Vulnerability Details

GHSA

GHSA-jx67-6xfj-h9r4: Cisco 8800 phones with software 11↗2022-05-17

▶

CVEList

CVE-2016-1435: Cisco 8800 phones with software 11↗2016-06-23

▶

📋Vendor Advisories

Cisco

Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability↗2016-06-20

▶