CVE-2018-16220
Last modified
CVE-2018-16220 is a vulnerability of currently unknown severity. Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Audiocodes | 405hd Firmware | 2.2.12 |
References
- https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdfMitigation, Third Party Advisory
- https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdfMitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-16220?
How severe is CVE-2018-16220?
How do I fix CVE-2018-16220?
Are you affected by CVE-2018-16220?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST