Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability

Cisco IP Phone 8800 Series are prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code within the context of the affected application.

This issue is tracked by Cisco Bug ID CSCvm95999.

Information

Bugtraq ID: 106515
Class: Input Validation Error
CVE: CVE-2018-0461

Remote: Yes
Local: No
Published: Jan 09 2019 12:00AM
Updated: Jan 09 2019 12:00AM
Credit: IoT Inspector Team and Werner Schober.
Vulnerable: Cisco IP Phone 8800 Series 12.5(1)

Not Vulnerable: Cisco IP Phone 8800 Series 12.5(1)MN515

Exploit

To launch an attack, an attacker must entice a victim into viewing a malicious website.

References:

Cisco Homepage (Cisco)
Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit