Cisco Bug: CSCup92459 - Path Traversal Vulnerability using image utility

Last Modified

Feb 02, 2017

Products (1)

  • Cisco Unified IP Phones 9900 Series

Known Affected Releases

9.3(4.24)

Description (partial)

Symptoms:
A vulnerability in the debug shell of Cisco Unified IP Phones 9900 Series could allow an unauthenticated, local attacker to write arbitrary files to arbitrary locations where the user has write privileges.

The vulnerability is due to insufficient sanitization of user input. An attacker could exploit this vulnerability by accessing the local console and sending a crafted command to the system.

Conditions:
Device configured with default configuration running an affected version of software.