CVE-2018-0461 — Code Injection in Cisco IP Phone 8800 Series Software

CWE-94 — Code Injection4 documents4 sources

Severity

8.8HIGHNVD

CNA6.5

EPSS

0.3%

top 49.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IP Phone 8800 Series Software Cisco IP Phone 8800 Series Firmware

Timeline

PublishedJan 10

Latest updateMay 13

Description

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an atta…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_ip_phone_8800_series_softwaren/a

▶NVDcisco/ip_phone_8800_series_firmware12.5\(1\)

🔴Vulnerability Details

GHSA

GHSA-2frm-cvwv-gjwx: A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection at↗2022-05-13

▶

CVEList

Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability↗2019-01-10

▶

📋Vendor Advisories

Cisco

Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability↗2019-01-09

▶