← back
CVE-2016-1421

CVE-2016-1421

EPSS 4.1%CWE-119
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 4.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
10 Jun 2016Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Affected products
Cisco · Cisco IP Phones

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipphttps://www.tenable.com/security/research/tra-2020-24http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp