What is CVE-2018-0461?

CVE-2018-0461 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under Code Injection. CVSS score: 6.5/10. Published 2019-01-10.

How severe is CVE-2018-0461?

Medium severity. CVSS v3 base score is 6.5 out of 10.

RCE in Cisco Ip Phone 8800 Series Software

CVE-2018-0461

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an a…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.015 (70.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Cisco Ip Phone 8800 Series Software — versions n/a
Cisco Ip_phone_8800_series_firmware — versions 12.5\(1\)
Cisco Ip_phone_8811
Cisco Ip_phone_8841
Cisco Ip_phone_8845
Cisco Ip_phone_8851
Cisco Ip_phone_8861
Cisco Ip_phone_8865

Weakness classification (CWE)

CWE-94 — Code Injection

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2018-0461?: CVE-2018-0461 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under Code Injection. CVSS score: 6.5/10. Published 2019-01-10.
How severe is CVE-2018-0461?: Medium severity. CVSS v3 base score is 6.5 out of 10.