CVE-2016-1421

HIGH

Cisco IP Phone 8800 Series RCE/DoS via Crafted HTTP Request

Title source: llm
STIX 2.1

Description

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-24

Scores

CVSS v3 7.5
EPSS 0.0412
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (2)
Cisco/Cisco IP Phones 11.7(1)
cisco/ip_phone_8800_series_firmware 11.0\(1\)
Published Jun 10, 2016
Tracked Since Feb 18, 2026