CVE-2019-1922

Published Jul 6, 2019

Last updated 5 years ago

CVSS high 7.5

Overview

Description: A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-476
ykramarz@cisco.com: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B0FADEF-5936-47C4-AE76-F9792EEB5FF0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D7DE83F-249F-49CD-975C-776C880600C0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DB28BD-AB6C-4BDB-B3EE-A2C09B6B522B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94058F1C-6BFD-4F04-ADEB-8A037DBD8A19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE866B51-B54D-42EB-A1AB-190C2F602774"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17087453-578E-4E0E-8C70-D449B0EA92F0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A13225-DCFA-41D0-A1B4-9C5E5C0D96C6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28644FCB-14E2-459F-B202-D1A30D75B458"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4401555-203E-4054-BD7E-087ABFA5DFF4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273DEB37-E03D-4DBD-A844-7BBDB2B94B2E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6ECD3E1-F396-466E-BC3D-7A4F5D8DC702"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C11A77A-9C5F-4900-8AA5-8A9508F281CC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "420E3151-E2FB-4DB6-9889-71AD8ADBF39E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A337A74-D00D-4B9A-BB0C-73EC7EB5D4E4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF502337-A9AA-4539-87B9-F7406A637935"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F150FAB-C2DF-4EC0-A21A-DDAB1504B1DC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2197E7BD-827F-42FF-BB90-5AB4BB3B99F3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:11.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008987E5-52E3-420F-A720-CF72E8D529AC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3459146-D6AC-4119-9DD6-39CA0F0F1FFF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References