CVE-2019-1887

Published: Jul 6, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.

Affected (4)

Products: Cisco: Unified Communications Manager

Cisco

1 product

Unified Communications Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager	Version 10.5(2.10000.5)
Cisco Unified Communications Manager	Version 11.5(1.10000.6)
Cisco Unified Communications Manager	Version 12.0(1.10000.10)
Cisco Unified Communications Manager	Version 12.5(1.10000.22)

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos

Source: psirt@cisco.com

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.