CVE-2019-1922

EPSS 0.78%
Published 06.07.2019 02:15:11
Last modified 21.11.2024 04:37:41
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ip Conference Phone 7832 Firmware Version-

Cisco ≫ Ip Conference Phone 7832 Version-

Cisco ≫ Ip Conference Phone 8832 Firmware Version11.5(1)

Cisco ≫ Ip Conference Phone 8832 Version-

Cisco ≫ Ip Conference Phone 8832 Firmware Version12.5(1)

Cisco ≫ Ip Conference Phone 8832 Version-

Cisco ≫ Ip Phone 7811 Firmware Version-

Cisco ≫ Ip Phone 7811 Version-

Cisco ≫ Ip Phone 7821 Firmware Version-

Cisco ≫ Ip Phone 7821 Version-

Cisco ≫ Ip Phone 7841 Firmware Version-

Cisco ≫ Ip Phone 7841 Version-

Cisco ≫ Ip Phone 7861 Firmware Version-

Cisco ≫ Ip Phone 7861 Version-

Cisco ≫ Ip Phone 8811 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8811 Version-

Cisco ≫ Ip Phone 8811 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8811 Version-

Cisco ≫ Ip Phone 8841 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8841 Version-

Cisco ≫ Ip Phone 8841 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8841 Version-

Cisco ≫ Ip Phone 8845 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8845 Version-

Cisco ≫ Ip Phone 8845 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8845 Version-

Cisco ≫ Ip Phone 8851 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8851 Version-

Cisco ≫ Ip Phone 8851 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8851 Version-

Cisco ≫ Ip Phone 8861 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8861 Version-

Cisco ≫ Ip Phone 8861 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8861 Version-

Cisco ≫ Ip Phone 8865 Firmware Version11.5(1)

Cisco ≫ Ip Phone 8865 Version-

Cisco ≫ Ip Phone 8865 Firmware Version12.5(1)

Cisco ≫ Ip Phone 8865 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.78%	0.725

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1922

EUVD