CVE-2016-1421
HIGHCisco IP Phone 8800 Series RCE/DoS via Crafted HTTP Request
Title source: llmDescription
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
Various Sources vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-24
Scores
CVSS v3
7.5
EPSS
0.0412
EPSS Percentile
89.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (2)
Cisco/Cisco IP Phones
11.7(1)
cisco/ip_phone_8800_series_firmware
11.0\(1\)
Published
Jun 10, 2016
Tracked Since
Feb 18, 2026