What is CVE-2016-1434?

CVE-2016-1434 is a medium-severity vulnerability in Cisco Ip_phone_8800, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2016-06-23.

How severe is CVE-2016-1434?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Path Traversal in Cisco Ip_phone_8800

CVE-2016-1434

The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (37.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Cisco Ip_phone_8800
Cisco Ip_phone_8800_series_firmware — versions 11.0\(1\)
N/a — versions n/a

Weakness classification (CWE)

References

20160620 Cisco 8800 Series IP Phone Directory Traversal Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1036139 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-1434?: CVE-2016-1434 is a medium-severity vulnerability in Cisco Ip_phone_8800, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2016-06-23.
How severe is CVE-2016-1434?: Medium severity. CVSS v3 base score is 6.5 out of 10.