CVE-2019-1635
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.
Affected (64)
Products: Cisco: Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8811 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8861 Firmware, Ip Phone 8865 Firmware, Unified Ip 8831 Conference Phone1 Firmware, Unified Ip 8831 Conference Phone For Third Party Call Control2 Firmware, Wireless Ip Phone 8821 Firmware, Wireless Ip Phone 8821 Ex Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Conference Phone 7832 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Conference Phone 8832 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7811 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7821 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7841 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7861 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8811 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8841 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8845 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8851 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8861 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8865 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip 8831 Conference Phone1 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip 8831 Conference Phone For Third Party Call Control2 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Wireless Ip Phone 8821 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.3(1)sr4b |
| Running on/with | Platform Versions |
|---|---|
Cisco Wireless Ip Phone 8821 Ex | All versions |
Related CWEs
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.