CVE-2016-1403

CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\(1\):::::::*
	cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\(2\):::::::*
	cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3:::::::*
	cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\(2\):::::::*
	cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\(1\):::::::*

History

21 Nov 2024, 02:46

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp - Vendor Advisory

Information

Published : 2016-06-04 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-1403

Mitre link : CVE-2016-1403

CVE.ORG link : CVE-2016-1403

JSON object : View

Products Affected

cisco

ip_phone_8800_series_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2016-1403", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-06-04T14:59:01.407", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005."}, {"lang": "es", "value": "Tel\u00e9fonos CISCO IP 8800 con software 11.0.1 y versiones anteriores permite a usuarios locales obtener privilegios para para la ejecuci\u00f3n de comandos SO a trav\u00e9s de comandos CLI manipulados, tambi\u00e9n conocida como Bug ID CSCuz03005."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6B61C89-25CD-40A5-B27D-5DC9FCB49885"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0071D010-06B7-49BC-A2A7-11CE1383B113"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6DAAB5A-70C6-4FEE-B6D4-91919B3A0CB4"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05ED7BA0-6B55-4A04-BBAF-102B99248302"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}