CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0341
https://notcve.org/view.php?id=CVE-2018-0341
16 Jul 2018 — A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426. Una vulnerabilidad en la interfaz de usuario web ... • http://www.securityfocus.com/bid/104731 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0316
https://notcve.org/view.php?id=CVE-2018-0316
07 Jun 2018 — A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this ... • http://www.securitytracker.com/id/1041073 • CWE-399: Resource Management Errors CWE-755: Improper Handling of Exceptional Conditions •