Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Cisco IP Phone 8800: directory traversal via the license import

August 2016 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can traverse directories via the license registration
of Cisco IP Phone 8800, in order to delete a file outside the
service root path.

Impacted products: Cisco IP Phone.

Severity: 2/4.

Creation date: 24/06/2016.

DESCRIPTION OF THE VULNERABILITY

The Cisco IP Phone 8800 product offers a way to import license
file.

However, the path specified by the user is not validated and an
attacker can trigger the removal of any file specified by its path.

An attacker can therefore traverse directories via the license
registration of Cisco IP Phone 8800, in order to delete a file
outside the service root path.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Cisco-IP-Phone-8800-directory-traversal-via-the-license-import-19967


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts