What is CVE-2017-12305?

CVE-2017-12305 is a medium-severity vulnerability in Cisco Ip_phone_8800_series_firmware, classified under Command Injection. CVSS score: 6.7/10. Published 2017-11-16.

How severe is CVE-2017-12305?

Medium severity. CVSS v3 base score is 6.7 out of 10.

RCE in Cisco Ip_phone_8800_series_firmware

CVE-2017-12305

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Ip_phone_8800_series_firmware
N/a Cisco Ip Phone 8800 Series — versions Cisco IP Phone 8800 Series

Weakness classification (CWE)

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-12305?: CVE-2017-12305 is a medium-severity vulnerability in Cisco Ip_phone_8800_series_firmware, classified under Command Injection. CVSS score: 6.7/10. Published 2017-11-16.
How severe is CVE-2017-12305?: Medium severity. CVSS v3 base score is 6.7 out of 10.