Guest

Preview Tool

Cisco Bug: CSCup90458 - Webs Popen Shell Command Execution Vulnerability

Last Modified

Jun 11, 2020

Products (1)

  • Cisco Unified IP Phones 9900 Series

Known Affected Releases

9.3(4.24)

Description (partial)

Symptoms:
There was a concern that the Peer Firmware Sharing feature had an input validation issue. After extensive discussion it was determined that the
input was not actually used anywhere in the system and that this is not a vulnerability. This is a modification on the product to adopt new
secure code best practices to enhance the security posture and resiliency of the product.

Conditions:
Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.