Vigil@nce - Cisco IP Phone 8800: directory traversal via the license import
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can traverse directories via the license registration
of Cisco IP Phone 8800, in order to delete a file outside the
service root path.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Creation date: 24/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IP Phone 8800 product offers a way to import license
file.
However, the path specified by the user is not validated and an
attacker can trigger the removal of any file specified by its path.
An attacker can therefore traverse directories via the license
registration of Cisco IP Phone 8800, in order to delete a file
outside the service root path.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN