CVE-2019-1684

Published: Feb 21, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.

Affected (14)

Products: Cisco: Ip Phone 8800 Firmware, Ip Phone 7800 Firmware, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8811 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8861 Firmware, Ip Phone 8865 Firmware

Cisco

14 products

Ip Phone 8800 Firmware

Ip Phone 7800 Firmware

Ip Conference Phone 7832 Firmware

Ip Conference Phone 8832 Firmware

Ip Phone 7811 Firmware

Ip Phone 7821 Firmware

Ip Phone 7841 Firmware

Ip Phone 7861 Firmware

Ip Phone 8811 Firmware

Ip Phone 8841 Firmware

Ip Phone 8845 Firmware

Ip Phone 8851 Firmware

Ip Phone 8861 Firmware

Ip Phone 8865 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8800 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8800	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7800 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 7800	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Conference Phone 7832 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Conference Phone 7832	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Conference Phone 8832 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Conference Phone 8832	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 Firmware	Before 12.6\(1\)mn80

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-399

References (4)

http://www.securityfocus.com/bid/107104

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/107104

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.