cbcvebase.
CVE-2018-0341
published 2018-07-16

CVE-2018-0341: A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated…

PriorityP261high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
5.87%
92.3th percentile
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscoip_phone_6800_7800_and_8800_series_with_multiplatform_firmware
ciscoip_phone_multiplatform_firmware

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit requires authentication; monitor for authenticated web UI sessions on Cisco IP Phone 6800, 7800, and 8800 Series devices submitting unexpected shell metacharacters or command sequences in user input fields.
  • Alert on command injection attempts (CWE-77) targeting the web-based UI of Cisco IP Phone Multiplatform Firmware devices; look for shell command syntax in HTTP POST body parameters directed at the phone's web management interface.
  • ·Vulnerability only affects Cisco IP Phone 6800, 7800, and 8800 Series running Multiplatform Firmware versions before 11.2(1); standard (non-multiplatform) firmware is not affected.
  • ·Exploitation requires the attacker to be authenticated to the web-based UI, limiting exposure to credentialed attackers or those with stolen credentials.
  • ·Cisco confirmed there are no workarounds; patching to 11.2(1) or later is the only mitigation.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.