First published: Wed Mar 20 2019
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
Credit: David Gullasch, modzero AG
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IP Phone 8800 key expansion module |
The severity of cisco-sa-20190320-ipptv is considered high due to the potential for arbitrary file write by an authenticated attacker.
To fix cisco-sa-20190320-ipptv, ensure that your Cisco IP Phone 8800 Series software is updated to the latest version provided by Cisco.
The vulnerability cisco-sa-20190320-ipptv affects users of the Cisco IP Phone 8800 Series using the web-based management interface.
With cisco-sa-20190320-ipptv, an authenticated remote attacker can write arbitrary files to the filesystem.
The cisco-sa-20190320-ipptv vulnerability is caused by insufficient input validation in the web-based management interface.