CVE-2019-1684

EPSS 0.15%
Published 21.02.2019 20:29:00
Last modified 21.11.2024 04:37:05
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ip Phone 8800 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8800 Version-

Cisco ≫ Ip Phone 7800 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 7800 Version-

Cisco ≫ Ip Conference Phone 7832 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Conference Phone 7832 Version-

Cisco ≫ Ip Conference Phone 8832 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Conference Phone 8832 Version-

Cisco ≫ Ip Phone 7811 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 7811 Version-

Cisco ≫ Ip Phone 7821 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 7821 Version-

Cisco ≫ Ip Phone 7841 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 7841 Version-

Cisco ≫ Ip Phone 7861 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 7861 Version-

Cisco ≫ Ip Phone 8811 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8811 Version-

Cisco ≫ Ip Phone 8841 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8841 Version-

Cisco ≫ Ip Phone 8845 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8845 Version-

Cisco ≫ Ip Phone 8851 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8851 Version-

Cisco ≫ Ip Phone 8861 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8861 Version-

Cisco ≫ Ip Phone 8865 Firmware Version < 12.6\(1\)mn80

Cisco ≫ Ip Phone 8865 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.315

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/107104

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1684

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1684

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1684

EUVD