Cisco Bug: CSCup92459 - Path Traversal Vulnerability using image utility
Feb 14, 2018
- Cisco Unified IP Phones 9900 Series
Known Affected Releases
Symptoms: A vulnerability in the debug shell of Cisco Unified IP Phones 9900 Series could allow an unauthenticated, local attacker to write arbitrary files to arbitrary locations where the user has write privileges. The vulnerability is due to insufficient sanitization of user input. An attacker could exploit this vulnerability by accessing the local console and sending a crafted command to the system. Conditions: Device configured with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases