ID

VAR-201807-0996


CVE

CVE-2018-0341


TITLE

Command injection vulnerability in multiplatform firmware for multiple Cisco IP Phone products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008399

DESCRIPTION

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi51426. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Cisco Products are prone to a remote command-injection vulnerability. Multiplatform Firmware is a set of firewall software that supports multiple platforms running on it.

Trust: 1.98

sources: NVD: CVE-2018-0341 // JVNDB: JVNDB-2018-008399 // BID: 104731 // VULHUB: VHN-118543

AFFECTED PRODUCTS

vendor: cisco
model: ip phone multiplatform
scope: eq
version: 11.1\(2\)

Trust: 1.6

vendor: cisco
model: ip phone
scope: lt
version: 11.2(1)

Trust: 0.8

vendor: cisco
model: ip phone series with multiplatform
scope: eq
version: 880011.0(2)

Trust: 0.3

vendor: cisco
model: ip phone series with multiplatform
scope: eq
version: 780011.0(2)

Trust: 0.3

vendor: cisco
model: ip phone series with multiplatform
scope: eq
version: 680011.0(2)

Trust: 0.3

vendor: cisco
model: ip phone series with multiplatform
scope: ne
version: 880011.2(1)

Trust: 0.3

vendor: cisco
model: ip phone series with multiplatform
scope: ne
version: 780011.2(1)

Trust: 0.3

vendor: cisco
model: ip phone series with multiplatform
scope: ne
version: 680011.2(1)

Trust: 0.3

sources: BID: 104731 // JVNDB: JVNDB-2018-008399 // CNNVD: CNNVD-201807-1224 // NVD: CVE-2018-0341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0341
value: HIGH

Trust: 1.0

NVD: CVE-2018-0341
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1224
value: HIGH

Trust: 0.6

VULHUB: VHN-118543
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0341
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118543
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0341
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118543 // JVNDB: JVNDB-2018-008399 // CNNVD: CNNVD-201807-1224 // NVD: CVE-2018-0341

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

problemtype: CWE-78

Trust: 1.1

sources: VULHUB: VHN-118543 // JVNDB: JVNDB-2018-008399 // NVD: CVE-2018-0341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1224

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-1224

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008399

PATCH

title: cisco-sa-20180711-phone-webui-inject
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject

Trust: 0.8

title: Repairs for Cisco IP Phone 6800, 7800 and 8800 Series Command Injection Vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82168

Trust: 0.6

sources: JVNDB: JVNDB-2018-008399 // CNNVD: CNNVD-201807-1224

EXTERNAL IDS

db: NVD
id: CVE-2018-0341

Trust: 2.8

db: BID
id: 104731

Trust: 2.0

db: SECTRACK
id: 1041285

Trust: 1.7

db: JVNDB
id: JVNDB-2018-008399

Trust: 0.8

db: CNNVD
id: CNNVD-201807-1224

Trust: 0.6

db: VULHUB
id: VHN-118543

Trust: 0.1

sources: VULHUB: VHN-118543 // BID: 104731 // JVNDB: JVNDB-2018-008399 // CNNVD: CNNVD-201807-1224 // NVD: CVE-2018-0341

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180711-phone-webui-inject

Trust: 2.0

url: http://www.securityfocus.com/bid/104731

Trust: 1.7

url: http://www.securitytracker.com/id/1041285

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0341

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0341

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118543 // BID: 104731 // JVNDB: JVNDB-2018-008399 // CNNVD: CNNVD-201807-1224 // NVD: CVE-2018-0341

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104731

SOURCES

db: VULHUB, id: VHN-118543
db: BID, id: 104731
db: JVNDB, id: JVNDB-2018-008399
db: CNNVD, id: CNNVD-201807-1224
db: NVD, id: CVE-2018-0341

LAST UPDATE DATE

2024-11-23T22:55:50.067000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118543, date: 2019-10-09T00:00:00
db: BID, id: 104731, date: 2018-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-008399, date: 2018-10-16T00:00:00
db: CNNVD, id: CNNVD-201807-1224, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0341, date: 2024-11-21T03:38:01.043

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118543, date: 2018-07-16T00:00:00
db: BID, id: 104731, date: 2018-07-11T00:00:00
db: JVNDB, id: JVNDB-2018-008399, date: 2018-10-16T00:00:00
db: CNNVD, id: CNNVD-201807-1224, date: 2018-07-17T00:00:00
db: NVD, id: CVE-2018-0341, date: 2018-07-16T17:29:00.237