#VU19286 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Cisco Small Business SPA500 Series IP Phones
Vulnerability identifier: #VU19286
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-77
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Cisco Small Business SPA500 Series IP Phones
Hardware solutions /
Office equipment, IP-phones, print servers
Vendor: Cisco Systems, Inc
Description
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco Small Business SPA500 Series IP Phones: 7.6.2SR5
CPE
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
