A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.80825
Percentile: 0.99084

CVSS Scoring

KEV is present

Mapped CWE(s)

• CWE-20 : Improper Input Validation

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1562.003 : Impair Command History Logging
  Kill Chain: defense-evasion
• T1574.006 : Dynamic Linker Hijacking
  Kill Chain: persistence
• T1574.007 : Path Interception by PATH Environment Variable
  Kill Chain: persistence
• T1027 : Obfuscated Files or Information
  Kill Chain: defense-evasion
• T1539 : Steal Web Session Cookie
  Kill Chain: credential-access
• T1036.001 : Invalid Code Signature
  Kill Chain: defense-evasion
• T1553.002 : Code Signing
  Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:o:cisco:ip_phone_8865_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8851_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_7841_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_7821_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8811_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8861_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8845_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_7861_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8841_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_7811_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:8831_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
• cpe:2.3:o:cisco:8831_firmware:11.0\(1\):*:*:*:*:*:*:*
• cpe:2.3:o:cisco:8831_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*

← Back to Home