CVE-2018-0461
Vulnerability from cvelistv5
Published
2019-01-10 16:00
Modified
2024-11-19 19:19
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/106515 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106515 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IP Phone 8800 Series Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106515"
},
{
"name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:25:47.192182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:19:17.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phone 8800 Series Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-11T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "106515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106515"
},
{
"name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
}
],
"source": {
"advisory": "cisco-sa-20190109-phone-script-injection",
"defect": [
[
"CSCvm95999"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-0461",
"STATE": "PUBLIC",
"TITLE": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IP Phone 8800 Series Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106515"
},
{
"name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-phone-script-injection",
"defect": [
[
"CSCvm95999"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0461",
"datePublished": "2019-01-10T16:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-19T19:19:17.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-0461\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2019-01-10T16:29:00.287\",\"lastModified\":\"2024-11-21T03:38:16.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el software Cisco IP Phone 8800 Series podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de inyecci\u00f3n de scripts en un sistema afectado. La vulnerabilidad existe debido a que el software que se ejecuta en un dispositivo afectado no valida lo suficiente los datos proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que haga clic sobre un enlace malicioso que se le proporciona o mediante la interfaz de un dispositivo afectado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz de usuario o acceder a informaci\u00f3n sensible del sistema, lo que en circunstancias normales deber\u00eda estar prohibido.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8800_series_firmware:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98070A9A-E891-490E-9D20-65BB551DC9EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0CC3127-3152-4906-9FE0-BC6F21DCADAA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7944CC9C-AE08-4F30-AF65-134DADBD0FA1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A313E64A-F43C-4FBA-A389-6171CBD709C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF6DC5E-F582-445E-BF05-2D55A0954663\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090EE553-01D5-45F0-87A4-E1167F46EB77\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB99B9AB-64B5-4989-9579-A1BB5D2D87EF\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106515\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106515\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
ghsa-2frm-cvwv-gjwx
Vulnerability from github
Published
2022-05-13 01:35
Modified
2022-05-13 01:35
Severity ?
Details
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
{
"affected": [],
"aliases": [
"CVE-2018-0461"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-10T16:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.",
"id": "GHSA-2frm-cvwv-gjwx",
"modified": "2022-05-13T01:35:06Z",
"published": "2022-05-13T01:35:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0461"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106515"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cisco-sa-20190109-phone-script-injection
Vulnerability from csaf_cisco
Published
2019-01-09 16:00
Modified
2019-01-09 16:00
Summary
Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability
Notes
Summary
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device.
The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"]
Vulnerable Products
This vulnerability affects Cisco IP Phone 8800 Series Software. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
Cisco would like to thank both the IoT Inspector Team and Werner Schober, of the SEC Consult Vulnerability Lab, for reporting this vulnerability.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "Cisco would like to thank both the IoT Inspector Team and Werner Schober, of the SEC Consult Vulnerability Lab, for reporting this vulnerability."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device.\r\n\r\nThe vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.\r\n\r\nThere are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection\"]",
"title": "Summary"
},
{
"category": "general",
"text": "This vulnerability affects Cisco IP Phone 8800 Series Software. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "There are no workarounds that address this vulnerability.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "Cisco would like to thank both the IoT Inspector Team and Werner Schober, of the SEC Consult Vulnerability Lab, for reporting this vulnerability.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
"issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
},
{
"category": "external",
"summary": "Cisco Security Advisories and Alerts page",
"url": "https://www.cisco.com/go/psirt"
},
{
"category": "external",
"summary": "Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
}
],
"title": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"tracking": {
"current_release_date": "2019-01-09T16:00:00+00:00",
"generator": {
"date": "2022-09-03T03:29:22+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-20190109-phone-script-injection",
"initial_release_date": "2019-01-09T16:00:00+00:00",
"revision_history": [
{
"date": "2019-01-09T15:58:26+00:00",
"number": "1.0.0",
"summary": "Initial public release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco IP Phone 8800 Series Software",
"product": {
"name": "Cisco IP Phone 8800 Series Software ",
"product_id": "CSAFPID-205455"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0461",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvm95999"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-205455"
]
},
"release_date": "2019-01-09T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-205455"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-205455"
]
}
],
"title": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability"
}
]
}
gsd-2018-0461
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-0461",
"description": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.",
"id": "GSD-2018-0461",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2018-0461"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-0461"
],
"details": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.",
"id": "GSD-2018-0461",
"modified": "2023-12-13T01:22:24.639864Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-0461",
"STATE": "PUBLIC",
"TITLE": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IP Phone 8800 Series Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106515"
},
{
"name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-phone-script-injection",
"defect": [
[
"CSCvm95999"
]
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0461"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
},
{
"name": "106515",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106515"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:32Z",
"publishedDate": "2019-01-10T16:29Z"
}
}
}
var-201901-0469
Vulnerability from variot
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. The Cisco IP Phone 8800 Series device is an IP phone that provides video and VoIP communication capabilities at Cisco. This issue is tracked by Cisco Bug ID CSCvm95999. SEC Consult Vulnerability Lab Security Advisory < 20190109-0 > ======================================================================= title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE number: CVE-2018-0461 impact: high homepage: https://www.cisco.com found: 10/2018 by: W. Schober, IoT Inspector (Office Vienna) SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
"The Cisco IP Phone 8800 Series is a great fit for businesses of all sizes seeking secure, high-quality, full-featured VoIP. Select models provide affordable entry to HD video and support for highly-active, in-campus mobile workers."
Source: https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-8800-series/index.html
Business recommendation:
SEC Consult recommends to update the devices to the newest firmware (12.5.1 MN), where all the documented issues are fixed according to the vendor.
We want to thank Cisco for the very professional response and great coordination.
Vulnerability overview/description:
1) Arbitrary Script Injection The VOIP phones can be managed directly via the integrated keyboard and the built-in screen. In the configuration menu a few spots allow users to input text via the integrated keyboard into text boxes (e.g. Hostname). Those text input fields are prone to JavaScript-like code injection. An attacker is able to inject arbitrary payloads via the T9 keyboard.
2) Hard coded and weak secrets (Identified during an automated firmware analysis by IoT Inspector) The firmware, which is directly served from Cisco, contains multiple hard coded password hashes. They are stored in the /etc/passwd file and are hashed using an outdated algorithm (UNIX MD5+salt). The users are not documented anywhere. Access via SSH using those credentials is possible.
Due to the outdated algorithm in use (UNIX MD5+Salt) and the very weak password it was easily possible to brute-force the password within seconds.
3) Undocumented debug functionality During a manual firmware analysis a few undocumented endpoints in the built-in web application, which is running on the VOIP phone, were identified. Those routes lead to parts of the web application that are neither documented nor officially mentioned anywhere by Cisco. Those parts of the web application allow an attacker to debug the device and create memory dumps.
4) Various outdated components with known vulnerabilities During the check a lot of outdated components were identified by their version numbers. It is not known which patches got backported by the vendor but Cisco mentioned that they have implemented some. The potentially affected components are:
-) wpa_supplicant -) BusyBox -) Dnsmasq -) OpenSSL -) OpenSSH -) Linux Kernel Privilege Escalation app_keya -) Linux Kernel Privilege Escalation aMempodippera -) Multiple Linux Kernel CVE entries
Please take a look at the IoT Inspector report for details: https://r.sec-consult.com/iotinspectorcisco
Proof of concept:
1) Arbitrary Script Injection A lot of settings can be changed directly on the VOIP phone via the built-in screen. There are also multiple locations, where user-input is parsed and displayed. It was possible to inject arbitrary (JavaScript) code directly into the phone UI. As an example the hostname of the VOIP Phone can be changed to the following value:
hostnamea>
The sec.js gets loaded from the remote host immediately and the exec function is executed.
< A screenshot can be found online on our website >
Further analysis has not been performed, but depending on the underlying libraries/system in use, it might be possible to get system level access via this attack vector.
2) Hard coded and weak secrets The file at the following path contains a hard coded password for the user debug: /_rootfs288xx.12-0-1ES-15.sbn.extracted/squashfs-root/etc/passwd
$1$aoJQnypw$vHpN9WTJEQn1UnHzJdoz71 (Type: MD5 (Unix))
This hash corresponds to the following clear-text password: debug
The password for the user root and default is also stored in the /etc/passwd: nCjlgBm7.lvX2 (Type: DES (Unix)) - Users: root, default
3) Undocumented debug functionality The built-in VOIP phone web server offers multiple functionalities for the end-user. During a manual analysis, undocumented endpoints with critical functionality got identified. Assigned ID: PSIRT-0289060835 Cisco PSIRT requests that the public disclosure should be shifted to January 2019 to avoid public christmas holidays. 2018-10-18: Contacting Cisco PSIRT and agreeing on public disclosure date 2019-01-09. 2018-10-24: Update from Cisco that a case owner got assigned. 2018-10-29: Update from Cisco that they are still reviewing the vulnerabilities and that they have already requested CVEs. 2018-11-05: Update from Cisco with further details about the internal scheduling. 2018-11-12: Update from Cisco with further details about CVEs. 2018-11-12: Cisco assigned CVE-2018-0461 and informed us that the vulnerabilities will be fixed in an upcoming release at the end of the year; Requesting affected/fixed versions. 2018-11-30: Cisco responds with affected devices and firmwares. Requesting updated firmware to do another IoT inspector scan, to verify the fixes. 2019-01-09: Public release of security advisory
Solution:
Update the firmware of the affected devices to at least 12.5.1 MN.
The vendor has published a security advisory as well: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection
Workaround:
Disable the built-in web server Segment the VOIP network in a way, that access for devices other than VoIP phones in any direction is not possible at all. Remove the debug user
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult Europe | Asia | North America
About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF W. Schober / @2019
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip phone 8800 series",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "ip phone 8800 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8800"
},
{
"model": "ip phone series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "880012.5(1)"
},
{
"model": "ip phone series 12.5 mn515",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "BID",
"id": "106515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ip_phone_8800_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank both the IoT Inspector Team and Werner Schober, of the SEC Consult Vulnerability Lab, for reporting this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
}
],
"trust": 0.6
},
"cve": "CVE-2018-0461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0461",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-01371",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0461",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0461",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0461",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2018-0461",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0461",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-01371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-295",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118663",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. The Cisco IP Phone 8800 Series device is an IP phone that provides video and VoIP communication capabilities at Cisco. \nThis issue is tracked by Cisco Bug ID CSCvm95999. SEC Consult Vulnerability Lab Security Advisory \u003c 20190109-0 \u003e\n=======================================================================\n title: Multiple Vulnerabilities\n product: Cisco VoIP Phones, e.g. models 88XX\n vulnerable version: See list of vulnerable devices/firmwares below\n fixed version: 12.5.1 MN\n CVE number: CVE-2018-0461\n impact: high\n homepage: https://www.cisco.com\n found: 10/2018\n by: W. Schober, IoT Inspector (Office Vienna)\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"The Cisco IP Phone 8800 Series is a great fit for businesses of all sizes\nseeking secure, high-quality, full-featured VoIP. Select models provide\naffordable entry to HD video and support for highly-active, in-campus mobile\nworkers.\"\n\nSource:\nhttps://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-8800-series/index.html\n\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to update the devices to the newest firmware (12.5.1 MN),\nwhere all the documented issues are fixed according to the vendor. \n\nWe want to thank Cisco for the very professional response and great coordination. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Arbitrary Script Injection\nThe VOIP phones can be managed directly via the integrated keyboard and the\nbuilt-in screen. In the configuration menu a few spots allow users to input\ntext via the integrated keyboard into text boxes (e.g. Hostname). Those text\ninput fields are prone to JavaScript-like code injection. An attacker is able\nto inject arbitrary payloads via the T9 keyboard. \n\n\n2) Hard coded and weak secrets\n(Identified during an automated firmware analysis by IoT Inspector)\nThe firmware, which is directly served from Cisco, contains multiple hard coded\npassword hashes. They are stored in the /etc/passwd file and are hashed using\nan outdated algorithm (UNIX MD5+salt). The users are not documented anywhere. \nAccess via SSH using those credentials is possible. \n\nDue to the outdated algorithm in use (UNIX MD5+Salt) and the very weak password\nit was easily possible to brute-force the password within seconds. \n\n\n3) Undocumented debug functionality\nDuring a manual firmware analysis a few undocumented endpoints in the\nbuilt-in web application, which is running on the VOIP phone,\nwere identified. Those routes lead to parts of the web application that are\nneither documented nor officially mentioned anywhere by Cisco. Those parts of\nthe web application allow an attacker to debug the device and create memory\ndumps. \n\n\n4) Various outdated components with known vulnerabilities\nDuring the check a lot of outdated components were identified by their version\nnumbers. It is not known which patches got backported by the vendor but Cisco\nmentioned that they have implemented some. The potentially affected components\nare:\n\n-) wpa_supplicant\n-) BusyBox\n-) Dnsmasq\n-) OpenSSL\n-) OpenSSH\n-) Linux Kernel Privilege Escalation app_keya\n-) Linux Kernel Privilege Escalation aMempodippera\n-) Multiple Linux Kernel CVE entries\n\nPlease take a look at the IoT Inspector report for details:\nhttps://r.sec-consult.com/iotinspectorcisco\n\n\nProof of concept:\n-----------------\n1) Arbitrary Script Injection\nA lot of settings can be changed directly on the VOIP phone via the built-in\nscreen. There are also multiple locations, where user-input is parsed and\ndisplayed. It was possible to inject arbitrary (JavaScript) code directly into\nthe phone UI. As an example the hostname of the VOIP Phone can be changed to\nthe following value:\n\nhostnamea\u003e\u003cimg src=http://$IP/sec.js onload=exec()\u003e\n\nThe sec.js gets loaded from the remote host immediately and the exec function\nis executed. \n\n\u003c A screenshot can be found online on our website \u003e\n\nFurther analysis has not been performed, but depending on the underlying\nlibraries/system in use, it might be possible to get system level access via\nthis attack vector. \n\n\n2) Hard coded and weak secrets\nThe file at the following path contains a hard coded password for the user debug:\n/_rootfs288xx.12-0-1ES-15.sbn.extracted/squashfs-root/etc/passwd\n\n$1$aoJQnypw$vHpN9WTJEQn1UnHzJdoz71 (Type: MD5 (Unix))\n\nThis hash corresponds to the following clear-text password: debug\n\nThe password for the user root and default is also stored in the /etc/passwd:\nnCjlgBm7.lvX2 (Type: DES (Unix)) - Users: root, default\n\n\n3) Undocumented debug functionality\nThe built-in VOIP phone web server offers multiple functionalities for the\nend-user. During a manual analysis, undocumented endpoints with critical\nfunctionality got identified. Assigned ID: PSIRT-0289060835\n Cisco PSIRT requests that the public disclosure should be\n shifted to January 2019 to avoid public christmas holidays. \n2018-10-18: Contacting Cisco PSIRT and agreeing on public disclosure date\n 2019-01-09. \n2018-10-24: Update from Cisco that a case owner got assigned. \n2018-10-29: Update from Cisco that they are still reviewing the vulnerabilities\n and that they have already requested CVEs. \n2018-11-05: Update from Cisco with further details about the internal scheduling. \n2018-11-12: Update from Cisco with further details about CVEs. \n2018-11-12: Cisco assigned CVE-2018-0461 and informed us that the vulnerabilities\n will be fixed in an upcoming release at the end of the year;\n Requesting affected/fixed versions. \n2018-11-30: Cisco responds with affected devices and firmwares. Requesting\n updated firmware to do another IoT inspector scan, to verify the\n fixes. \n2019-01-09: Public release of security advisory\n\n\nSolution:\n---------\nUpdate the firmware of the affected devices to at least 12.5.1 MN. \n\nThe vendor has published a security advisory as well:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection\n\n\nWorkaround:\n-----------\nDisable the built-in web server\nSegment the VOIP network in a way, that access for devices other\nthan VoIP phones in any direction is not possible at all. \nRemove the debug user\n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF W. Schober / @2019\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0461"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "BID",
"id": "106515"
},
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "PACKETSTORM",
"id": "151074"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-118663",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118663"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0461",
"trust": 3.5
},
{
"db": "BID",
"id": "106515",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-01371",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151074",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118663",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "BID",
"id": "106515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "PACKETSTORM",
"id": "151074"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"id": "VAR-201901-0469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "VULHUB",
"id": "VHN-118663"
}
],
"trust": 1.0638431
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
}
]
},
"last_update_date": "2024-11-23T22:37:56.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190109-phone-script-injection",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
},
{
"title": "CiscoIPPhone8800Series code injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/150047"
},
{
"title": "Cisco IP Phone 8800 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88494"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-phone-script-injection"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106515"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0461"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0461"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-8800-series/index.html"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://$voip-phone-ip/cgi/java/monitor"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://www.cisco.com"
},
{
"trust": 0.1,
"url": "http://$ip/sec.js"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "https://r.sec-consult.com/iotinspectorcisco"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "BID",
"id": "106515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "PACKETSTORM",
"id": "151074"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"db": "VULHUB",
"id": "VHN-118663"
},
{
"db": "BID",
"id": "106515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"db": "PACKETSTORM",
"id": "151074"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"date": "2019-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-118663"
},
{
"date": "2019-01-09T00:00:00",
"db": "BID",
"id": "106515"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"date": "2019-01-10T05:05:18",
"db": "PACKETSTORM",
"id": "151074"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"date": "2019-01-10T16:29:00.287000",
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01371"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118663"
},
{
"date": "2019-01-09T00:00:00",
"db": "BID",
"id": "106515"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001715"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-295"
},
{
"date": "2024-11-21T03:38:16.827000",
"db": "NVD",
"id": "CVE-2018-0461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phone 8800 Code Injection Vulnerability in Series Software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001715"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-295"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.