CVE-2018-0341
published 2018-07-16CVE-2018-0341: A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated…
PriorityP261high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
5.87%
92.3th percentile
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ip_phone_6800_7800_and_8800_series_with_multiplatform_firmware | — | — |
| cisco | ip_phone_multiplatform_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit requires authentication; monitor for authenticated web UI sessions on Cisco IP Phone 6800, 7800, and 8800 Series devices submitting unexpected shell metacharacters or command sequences in user input fields. ↗
- →Alert on command injection attempts (CWE-77) targeting the web-based UI of Cisco IP Phone Multiplatform Firmware devices; look for shell command syntax in HTTP POST body parameters directed at the phone's web management interface. ↗
- ·Vulnerability only affects Cisco IP Phone 6800, 7800, and 8800 Series running Multiplatform Firmware versions before 11.2(1); standard (non-multiplatform) firmware is not affected. ↗
- ·Exploitation requires the attacker to be authenticated to the web-based UI, limiting exposure to credentialed attackers or those with stolen credentials. ↗
- ·Cisco confirmed there are no workarounds; patching to 11.2(1) or later is the only mitigation. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
vendor_cisco·2018-07-11·CVSS 8.8
CVE-2018-0341 [HIGH] CWE-77 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2018
Cisco
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0341 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
CVE-2018-0341: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco will release software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-77, CWE-77
Bug IDs: CSCvi51426
GHSA
GHSA-g8ww-fc2w-qfrg: A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11
ghsa_unreviewed·2022-05-13
CVE-2018-0341 [HIGH] CWE-78 GHSA-g8ww-fc2w-qfrg: A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/104731http://www.securitytracker.com/id/1041285https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-injecthttp://www.securityfocus.com/bid/104731http://www.securitytracker.com/id/1041285https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject
2018-07-16
Published