ID

VAR-201606-0326


CVE

CVE-2016-1403


TITLE

Vulnerability in Cisco IP Phone 8800 software that allows gaining OS command execution privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-003023

DESCRIPTION

Cisco IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. The Cisco IP 8800 phone is a Cisco telephone product that provides video and VoIP communication capabilities. A privilege-acquisition vulnerability exists in Cisco IP 8800 phones running software version 11.0.1 and earlier. A local attacker could exploit the vulnerability to gain permission to execute operating system commands by using specially crafted CLI commands. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz03005. Cisco IP 8800 Series Phones running versions 11.0.1 and prior are vulnerable.

Trust: 2.52

sources: NVD: CVE-2016-1403 // JVNDB: JVNDB-2016-003023 // CNVD: CNVD-2016-03859 // BID: 91037 // VULHUB: VHN-90222

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03859

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 10.3

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 10.2(2)

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 10.2(1)

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0(1)

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 10.3(2)

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: lte, version: 11.0.1

Trust: 0.8

vendor: cisco, model: ip phones, scope: eq, version: 8800<=11.0.1

Trust: 0.6

sources: CNVD: CNVD-2016-03859 // JVNDB: JVNDB-2016-003023 // CNNVD: CNNVD-201606-133 // NVD: CVE-2016-1403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1403
value: HIGH

Trust: 1.0

NVD: CVE-2016-1403
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03859
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201606-133
value: HIGH

Trust: 0.6

VULHUB: VHN-90222
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1403
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03859
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90222
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1403
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-03859 // VULHUB: VHN-90222 // JVNDB: JVNDB-2016-003023 // CNNVD: CNNVD-201606-133 // NVD: CVE-2016-1403

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-90222 // JVNDB: JVNDB-2016-003023 // NVD: CVE-2016-1403

THREAT TYPE

local

Trust: 0.9

sources: BID: 91037 // CNNVD: CNNVD-201606-133

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003023

PATCH

title: cisco-sa-20160603-ipp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp

Trust: 0.8

title: Patch for the Cisco IP 8800 phone privilege-acquisition vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/77108

Trust: 0.6

title: Cisco IP 8800 phone security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62101

Trust: 0.6

sources: CNVD: CNVD-2016-03859 // JVNDB: JVNDB-2016-003023 // CNNVD: CNNVD-201606-133

EXTERNAL IDS

db: NVD, id: CVE-2016-1403

Trust: 3.4

db: JVNDB, id: JVNDB-2016-003023

Trust: 0.8

db: CNNVD, id: CNNVD-201606-133

Trust: 0.7

db: CNVD, id: CNVD-2016-03859

Trust: 0.6

db: BID, id: 91037

Trust: 0.3

db: VULHUB, id: VHN-90222

Trust: 0.1

sources: CNVD: CNVD-2016-03859 // VULHUB: VHN-90222 // BID: 91037 // JVNDB: JVNDB-2016-003023 // CNNVD: CNNVD-201606-133 // NVD: CVE-2016-1403

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160603-ipp

Trust: 2.3

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1403

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1403

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-03859 // VULHUB: VHN-90222 // BID: 91037 // JVNDB: JVNDB-2016-003023 // CNNVD: CNNVD-201606-133 // NVD: CVE-2016-1403

CREDITS

Cisco

Trust: 0.3

sources: BID: 91037

SOURCES

db: CNVD, id: CNVD-2016-03859
db: VULHUB, id: VHN-90222
db: BID, id: 91037
db: JVNDB, id: JVNDB-2016-003023
db: CNNVD, id: CNNVD-201606-133
db: NVD, id: CVE-2016-1403

LAST UPDATE DATE

2024-11-23T22:07:49.205000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-03859, date: 2016-06-08T00:00:00
db: VULHUB, id: VHN-90222, date: 2016-06-07T00:00:00
db: BID, id: 91037, date: 2016-07-06T14:57:00
db: JVNDB, id: JVNDB-2016-003023, date: 2016-06-07T00:00:00
db: CNNVD, id: CNNVD-201606-133, date: 2016-06-06T00:00:00
db: NVD, id: CVE-2016-1403, date: 2024-11-21T02:46:22.660

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-03859, date: 2016-06-08T00:00:00
db: VULHUB, id: VHN-90222, date: 2016-06-04T00:00:00
db: BID, id: 91037, date: 2016-06-03T00:00:00
db: JVNDB, id: JVNDB-2016-003023, date: 2016-06-07T00:00:00
db: CNNVD, id: CNNVD-201606-133, date: 2016-06-06T00:00:00
db: NVD, id: CVE-2016-1403, date: 2016-06-04T14:59:01.407