Multiple vulnerabilities in Cisco 8800 Series IP Phones



Published: 2016-06-21 | Updated: 2016-06-27
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2016-1434, CVE-2016-1435
CWE-ID: CWE-362, CWE-400, CWE-306, CWE-918
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Directory traversal vulnerability

EUVDB-ID: #VU14

Risk: Medium

CVSSv3.1: 3.3 [AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-1434

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to delete arbitrary files on the device.

The vulnerability exists due to insufficient validation of user input. A local user can delete arbitrary files on the device by supplying directory traversal sequences through the certificate upload interface.

Successful exploitation of this vulnerability will allow the attacker to make the device unresponsive.

Mitigation

A patch for this vulnerability is available through the Cisco Bug Search Tool.

Vulnerable software versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Filesystem permission enforcement vulnerability

EUVDB-ID: #VU13

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-1435

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to a software error when enforcing permissions for a mounted filesystem. A local user can read or modify arbitrary files on the vulnerable device.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges.

Mitigation

A patch for this vulnerability is available through the Cisco Bug Search Tool.

Vulnerable software versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
