* Cisco Ip Phone 8800 Series Firmware 10.2(1)
* Cisco Ip Phone 8800 Series Firmware 10.2(2)
* Cisco Ip Phone 8800 Series Firmware 10.3
* Cisco Ip Phone 8800 Series Firmware 10.3(2)
* Cisco Ip Phone 8800 Series Firmware 11.0(1)
A vulnerability in a command-line interface (CLI) utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to execute operating system commands and escalate privileges to increase the level of access to the targeted system.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.