SB2016062101 - Multiple vulnerabilities in Cisco 8800 Series IP Phones

Published: June 21, 2016 Updated: June 27, 2016

Security Bulletin ID SB2016062101
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 50%, Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Directory traversal vulnerability (CVE-ID: CVE-2016-1434)

The vulnerability allows a local attacker to delete arbitrary files on the device.

The vulnerability exists due to insufficient validation of user input. A local user can delete arbitrary files on the device by supplying directory traversal sequences through the certificate upload interface.

Successful exploitation of this vulnerability will allow the attacker to make the device unresponsive.
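The root cause above is a file name taken from the upload interface and joined onto a certificate directory without containment checks. The following is an added, illustrative example (not Cisco's code, and not derived from the affected firmware) of how such an interface can validate a requested certificate name before any delete or write: a strict allowlist on the bare file name, and a lenient fallback that normalizes the joined path and verifies it still lies inside the store. The base directory `/var/certs` and the sample names are constructed for the example.

```python
import posixpath
import re

# Constructed example base directory; not the phone's real certificate store path.
CERT_DIR = "/var/certs"

# Allowlist for a bare certificate file name: no separators, no leading dot,
# so ".", "..", and hidden files are excluded before any path math happens.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def resolve_upload_target(base_dir: str, requested_name: str, strict: bool = True) -> str:
    """Return the single path a certificate upload or delete request may touch.

    Raises ValueError for anything that would escape base_dir. With strict=True
    (the default) only a bare allowlisted file name is accepted; with
    strict=False relative sub-paths are allowed but must still normalize to a
    location inside base_dir.
    """
    if not requested_name or "\x00" in requested_name:
        raise ValueError("empty or NUL-containing name")
    if strict:
        if not _SAFE_NAME.fullmatch(requested_name):
            raise ValueError("name is not an allowlisted certificate file name")
        return posixpath.join(base_dir, requested_name)

    # Lenient mode: reject absolute input, then normalize and check containment.
    # normpath does not follow symlinks; on a live filesystem resolve with
    # os.path.realpath before comparing, so a planted link cannot redirect the path.
    if posixpath.isabs(requested_name):
        raise ValueError("absolute path not allowed")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, requested_name))
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(base_dir: str, requested_name: str, strict: bool = True) -> bool:
    """True when resolve_upload_target refuses the name (helper for the checks below)."""
    try:
        resolve_upload_target(base_dir, requested_name, strict)
        return False
    except ValueError:
        return True


def triage_samples(strict: bool = True) -> dict:
    """Classify a set of constructed sample names as accepted or rejected."""
    samples = [
        "phone.pem",            # ordinary certificate name
        "../../etc/shadow",     # classic traversal sequence
        "certs/../../boot/x",   # traversal hidden behind a normal-looking prefix
        "..",                   # the directory above the store
        "/etc/passwd",          # absolute path; a naive join would discard base_dir
        ".hidden.pem",          # leading dot: rejected only in strict mode
        "sub/phone.pem",        # sub-path: rejected only in strict mode
    ]
    return {s: ("rejected" if is_rejected(CERT_DIR, s, strict) else "accepted") for s in samples}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{verdict:8} {name!r}")
```

Strict mode is the right default for a certificate store, since an upload interface has no reason to accept separators or dot-prefixed names at all; the lenient path is shown only to make the normalize-then-contain check explicit, and it must be paired with symlink resolution on a real device.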


2) Filesystem permission enforcement vulnerability (CVE-ID: CVE-2016-1435)

The vulnerability allows a local user to obtain elevated privileges.

The vulnerability exists due to a software error when enforcing permissions on a mounted filesystem. A local user can read or modify arbitrary files on the vulnerable device.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges.


Remediation

Install the update from the vendor's website.