What is CVE-2016-1421?

CVE-2016-1421 is a high-severity vulnerability in Cisco Ip Phones, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2016-06-10.

How severe is CVE-2016-1421?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Cisco Ip Phones

CVE-2016-1421

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Th…

Vulnerability class: Buffer Overflow

EPSS: 0.067 (91.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Ip Phones — versions 11.7(1)
Cisco Ip_phone
Cisco Ip_phone_8800_series_firmware — versions 11.0\(1\)

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability (x_refsource_CISCO, vendor-advisory)
psirt@cisco.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-1421?: CVE-2016-1421 is a high-severity vulnerability in Cisco Ip Phones, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2016-06-10.
How severe is CVE-2016-1421?: High severity. CVSS v3 base score is 7.5 out of 10.