Cisco 8800 Series IP Phone Unauthorized Access Vulnerability (CVE-2016-1435)

Cisco 8800 Series IP Phone Unauthorized Access Vulnerability (CVE-2016-1435)
Cisco 8800 Series IP Phone Unauthorized Access Vulnerability (CVE-2016-1435)

Release date:
Updated on:

Affected Systems:

Cisco IP Phone 8800

Description:

CVE (CAN) ID: CVE-2016-1435

Cisco IP 8800 Series Phones is a digital telephone system product.

A security vulnerability exists in the file system permissions of Cisco 8800 Series IP Phones 11.0 (1). Remote attackers can exploit this vulnerability to access arbitrary files.

<* Source: Cisco


Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp
*>

Suggestion:

Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160620-ipp) and patches for this:
Cisco-sa-20160620-ipp: Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp

This article permanently updates the link address: