ID

VAR-201711-0366


CVE

CVE-2017-12305


TITLE

Cisco IP Phone 8800 Series debug interface command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-34931 // CNNVD: CNNVD-201711-674

DESCRIPTION

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. The vendor has published this vulnerability as Bug ID CSCvf80034. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The debug interface is one of the debugging interfaces

Trust: 2.52

sources: NVD: CVE-2017-12305 // JVNDB: JVNDB-2017-010475 // CNVD: CNVD-2017-34931 // BID: 101869 // VULHUB: VHN-102814

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34931

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8800 series, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ip phone 8800 series, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: ip phone series, scope: eq, version: 8800

Trust: 0.6

vendor: cisco, model: ip phone series, scope: eq, version: 88000

Trust: 0.3

sources: CNVD: CNVD-2017-34931 // BID: 101869 // JVNDB: JVNDB-2017-010475 // CNNVD: CNNVD-201711-674 // NVD: CVE-2017-12305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12305
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12305
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34931
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-674
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102814
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12305
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34931
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102814
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12305
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34931 // VULHUB: VHN-102814 // JVNDB: JVNDB-2017-010475 // CNNVD: CNNVD-201711-674 // NVD: CVE-2017-12305

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

problemtype: CWE-78

Trust: 1.1

sources: VULHUB: VHN-102814 // JVNDB: JVNDB-2017-010475 // NVD: CVE-2017-12305

THREAT TYPE

local

Trust: 0.9

sources: BID: 101869 // CNNVD: CNNVD-201711-674

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-674

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010475

PATCH

title: cisco-sa-20171115-ipp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp

Trust: 0.8

title: Cisco IP Phone 8800 Series debug interface command injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/106613

Trust: 0.6

title: Repair measures for Cisco IP Phone 8800 series debug interface command injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76499

Trust: 0.6

sources: CNVD: CNVD-2017-34931 // JVNDB: JVNDB-2017-010475 // CNNVD: CNNVD-201711-674

EXTERNAL IDS

db: NVD, id: CVE-2017-12305

Trust: 3.4

db: BID, id: 101869

Trust: 2.6

db: SECTRACK, id: 1039829

Trust: 1.7

db: JVNDB, id: JVNDB-2017-010475

Trust: 0.8

db: CNNVD, id: CNNVD-201711-674

Trust: 0.7

db: CNVD, id: CNVD-2017-34931

Trust: 0.6

db: VULHUB, id: VHN-102814

Trust: 0.1

sources: CNVD: CNVD-2017-34931 // VULHUB: VHN-102814 // BID: 101869 // JVNDB: JVNDB-2017-010475 // CNNVD: CNNVD-201711-674 // NVD: CVE-2017-12305

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-ipp

Trust: 2.6

url:http://www.securityfocus.com/bid/101869

Trust: 1.7

url:http://www.securitytracker.com/id/1039829

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12305

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12305

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-34931 // VULHUB: VHN-102814 // BID: 101869 // JVNDB: JVNDB-2017-010475 // CNNVD: CNNVD-201711-674 // NVD: CVE-2017-12305

CREDITS

Cisco.

Trust: 0.3

sources: BID: 101869

SOURCES

db: CNVD, id: CNVD-2017-34931
db: VULHUB, id: VHN-102814
db: BID, id: 101869
db: JVNDB, id: JVNDB-2017-010475
db: CNNVD, id: CNNVD-201711-674
db: NVD, id: CVE-2017-12305

LAST UPDATE DATE

2024-11-23T22:12:47.963000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34931, date: 2017-11-22T00:00:00
db: VULHUB, id: VHN-102814, date: 2019-10-09T00:00:00
db: BID, id: 101869, date: 2017-12-19T22:00:00
db: JVNDB, id: JVNDB-2017-010475, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201711-674, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12305, date: 2024-11-21T03:09:16.333

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-34931, date: 2017-11-22T00:00:00
db: VULHUB, id: VHN-102814, date: 2017-11-16T00:00:00
db: BID, id: 101869, date: 2017-11-15T00:00:00
db: JVNDB, id: JVNDB-2017-010475, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201711-674, date: 2017-11-20T00:00:00
db: NVD, id: CVE-2017-12305, date: 2017-11-16T07:29:00.507