Vulnerability Description
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | IP Phone Multiplatform Firmware | 11.1(2) |
| Cisco | IP Phone 6841 | - |
| Cisco | IP Phone 6851 | - |
| Cisco | IP Phone 7811 | - |
| Cisco | IP Phone 7821 | - |
| Cisco | IP Phone 7841 | - |
| Cisco | IP Phone 7861 | - |
| Cisco | IP Phone 8811 | - |
| Cisco | IP Phone 8841 | - |
| Cisco | IP Phone 8845 | - |
| Cisco | IP Phone 8851 | - |
| Cisco | IP Phone 8861 | - |
| Cisco | IP Phone 8865 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104731 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041285 (Third Party Advisory, VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2018-0341?
CVE-2018-0341 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injectio...
How severe is CVE-2018-0341?
CVE-2018-0341 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-0341?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco IP Phone Multiplatform Firmware, Cisco IP Phone 6841, Cisco IP Phone 6851, Cisco IP Phone 7811, Cisco IP Phone 7821.