First published: Mon Jul 16 2018
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IP Phone Multiplatform Firmware | =11.1(2) | |
Cisco IP Phone 6841 | | |
Cisco IP Phone 6851 | | |
Cisco IP Phone 7811 | | |
Cisco IP Phone 7821 | | |
Cisco IP Phone 7841 | | |
Cisco IP Phone 7861 | | |
Cisco IP Phone 8811 | | |
Cisco IP Phone 8841 | | |
Cisco IP Phone 8845 | | |
Cisco IP Phone 8851 | | |
Cisco IP Phone 8861 | | |
Cisco IP Phone 8865 | | |
The vulnerability ID is CVE-2018-0341.
The severity of CVE-2018-0341 is critical.
CVE-2018-0341 allows an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server on Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1).
To fix CVE-2018-0341, update to Multiplatform Firmware version 11.2(1) or later.
You can find more information about CVE-2018-0341 on the Cisco Security Advisory page.