Lucene search

[email protected]CVE-2019-16008

HistoryJan 26, 2020 - 5:15 a.m.

CVE-2019-16008

2020-01-2605:15:14

CWE-79

[email protected]

web.nvd.nist.gov

113

cisco

ip phone

6800

7800

8800

series

multiplatform firmware

web-based gui

xss

vulnerability

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected configurations

NVD

Node

ciscoip_phone_6841_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6841Match-

Node

ciscoip_phone_6851_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6851Match-

Node

ciscoip_phone_6825_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6825Match-

Node

ciscoip_phone_6861_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6861Match-

Node

ciscoip_phone_6871_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6871Match-

Node

ciscoip_phone_6821_firmwareRange<11.3\(1\)

AND

ciscoip_phone_6821Match-

Node

ciscoip_phone_7811_firmwareRange<11.3\(1\)

AND

ciscoip_phone_7811Match-

Node

ciscoip_phone_7821_firmwareRange<11.3\(1\)

AND

ciscoip_phone_7821Match-

Node

ciscoip_phone_7832_firmwareRange<11.3\(1\)

AND

ciscoip_phone_7832Match-

Node

ciscoip_phone_7841_firmwareRange<11.3\(1\)

AND

ciscoip_phone_7841Match-

Node

ciscoip_phone_7861_firmwareRange<11.3\(1\)

AND

ciscoip_phone_7861Match-

Node

ciscoip_phone_8811_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8811Match-

Node

ciscoip_phone_8831_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8831Match-

Node

ciscoip_phone_8832_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8832Match-

Node

ciscoip_phone_8841_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8841Match-

Node

ciscoip_phone_8845_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8851_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8861_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8865_firmwareRange<11.3\(1\)

AND

ciscoip_phone_8865Match-

CPENameOperatorVersion
cisco:ip_phone_6841_firmwarecisco ip phone 6841 firmwarelt11.3\(1\)

CPE	Name	Operator	Version
cisco:ip_phone_6841_firmware	cisco ip phone 6841 firmware	lt	11.3\(1\)

CNA Affected

[
  {
    "product": "Cisco IP Phone 7800 Series with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVE-2019-16008

nvd1 cisco1 prion1 nessus1 cvelist1