CVE-2018-19977

Name: CVE-2018-19977
Creator: NVD / NIST
Published: 2019-05-29T18:29:00.897+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.18%

Last modified Jun 17, 2026

CVE-2018-19977 is a vulnerability of currently unknown severity. A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.. EPSS estimates a 4.18% chance of exploitation in the next 30 days.

Description

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.

Metrics

EPSS Probability

4.18%

89.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Auerswald	Comfortel 1200 Ip Firmware	3.4.4.1-10589

References

https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.htmlProduct, Vendor Advisory
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Auerswald_COMfortel_1200_IP.pdf?_=1549376183Exploit, Third Party Advisory
https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.htmlProduct, Vendor Advisory
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Auerswald_COMfortel_1200_IP.pdf?_=1549376183Exploit, Third Party Advisory

Timeline

Published: May 29, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-19977?

How severe is CVE-2018-19977?

Severity scoring for CVE-2018-19977 is pending analysis. The EPSS model estimates a 4.18% probability of exploitation in the next 30 days.

How do I fix CVE-2018-19977?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-19977?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST