CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19977

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.4%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 7.7

References

https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.html
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Auerswald_COMfortel_1200_IP.pdf?_=1549376183
https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.html
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Auerswald_COMfortel_1200_IP.pdf?_=1549376183

Products affected by CVE-2018-19977

Auerswald » Comfortel 1200 Ip » Version: N/A

cpe:2.3:h:auerswald:comfortel_1200_ip:-
Auerswald » Comfortel 1200 Ip Firmware » Version: 3.4.4.1-10589

cpe:2.3:o:auerswald:comfortel_1200_ip_firmware:3.4.4.1-10589

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19977

Products

Pricing

Contact Us