Vulnerability Description
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ip Phone 8800 | All versions |
| Cisco | Ip Phone 8800 Series Firmware | 11.0\(1\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1036138
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1036138
FAQ
What is CVE-2016-1435?
CVE-2016-1435 is a vulnerability with a CVSS score of 7.0 (HIGH). Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
How severe is CVE-2016-1435?
CVE-2016-1435 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1435?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8800, Cisco Ip Phone 8800 Series Firmware.