CVE-2018-0461

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106515	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8800_series_firmware:12.5\(1\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ip_phone_8811:-:::::::*
	cpe:2.3:h:cisco:ip_phone_8841:-:::::::*
	cpe:2.3:h:cisco:ip_phone_8845:-:::::::*
	cpe:2.3:h:cisco:ip_phone_8851:-:::::::*
	cpe:2.3:h:cisco:ip_phone_8861:-:::::::*
	cpe:2.3:h:cisco:ip_phone_8865:-:::::::*

History

No history.

Information

Published : 2019-01-10 16:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-0461

Mitre link : CVE-2018-0461

CVE.ORG link : CVE-2018-0461

JSON object : View

Products Affected

cisco

ip_phone_8861
ip_phone_8800_series_firmware
ip_phone_8841
ip_phone_8851
ip_phone_8811
ip_phone_8845
ip_phone_8865

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2018-0461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2019-01-10T16:29:00.287", "references": [{"url": "http://www.securityfocus.com/bid/106515", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco IP Phone 8800 Series podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de inyecci\u00f3n de scripts en un sistema afectado. La vulnerabilidad existe debido a que el software que se ejecuta en un dispositivo afectado no valida lo suficiente los datos proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que haga clic sobre un enlace malicioso que se le proporciona o mediante la interfaz de un dispositivo afectado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz de usuario o acceder a informaci\u00f3n sensible del sistema, lo que en circunstancias normales deber\u00eda estar prohibido."}], "lastModified": "2019-10-09T23:32:08.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:12.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98070A9A-E891-490E-9D20-65BB551DC9EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"}, {"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"}, {"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"}, {"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"}, {"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"}, {"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}