8.8
CVE-2018-0461
- EPSS 0.27%
- Published 10.01.2019 16:29:00
- Last modified 21.11.2024 03:38:16
- Source psirt@cisco.com
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ IP Phone 8800 Series Firmware, Version 12.5(1)
Cisco ≫ IP Phone 8811, Version -
Cisco ≫ IP Phone 8841, Version -
Cisco ≫ IP Phone 8845, Version -
Cisco ≫ IP Phone 8851, Version -
Cisco ≫ IP Phone 8861, Version -
Cisco ≫ IP Phone 8865, Version -
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.501 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| psirt@cisco.com | 6.5 | 3.9 | 2.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |

CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.