Vigil@nce - Cisco IP Phone 8800: code execution via btcli
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use btcli of Cisco IP Phone 8800, in
order to run privileged code.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Creation date: 06/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IP Phone 8800 product offers a btcli utility.
However, an attacker can inject commands in btcli, which are run
with system privileges.
An authenticated attacker can therefore use btcli of Cisco IP
Phone 8800, in order to run privileged code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-IP-Phone-8800-code-execution-via-btcli-19796