Privilege escalation in Cisco 6800 Series IP Phones - CVE-2017-12305
Published: November 21, 2017
Vulnerability identifier: #VU9386
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12305
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco 6800 Series IP Phones
Cisco 6800 Series IP Phones
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the debug interface of Cisco IP Phone 8800 series due to insufficient input validation. A local attacker can submit additional command input to the affected parameter in the debug shell and execute arbitrary code with elevated privileges.
The weakness exists in the debug interface of Cisco IP Phone 8800 series due to insufficient input validation. A local attacker can submit additional command input to the affected parameter in the debug shell and execute arbitrary code with elevated privileges.
How to mitigate CVE-2017-12305
Install update from vendor's website.