← Back

CVE-2019-1922

nvd nist
Published: Jul 6, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

Affected (19)

Cisco
12 products
Ip Conference Phone 7832 Firmware
Ip Conference Phone 8832 Firmware
Ip Phone 7811 Firmware
Ip Phone 7821 Firmware
Ip Phone 7841 Firmware
Ip Phone 7861 Firmware
Ip Phone 8811 Firmware
Ip Phone 8841 Firmware
Ip Phone 8845 Firmware
Ip Phone 8851 Firmware
Ip Phone 8861 Firmware
Ip Phone 8865 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 7832 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ip Conference Phone 7832
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Conference Phone 8832 Firmware
Version 11.5(1)
Ip Conference Phone 8832 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 8832
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7811 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ip Phone 7811
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7821 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ip Phone 7821
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7841 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ip Phone 7841
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7861 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ip Phone 7861
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8811 Firmware
Version 11.5(1)
Ip Phone 8811 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8811
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8841 Firmware
Version 11.5(1)
Ip Phone 8841 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8841
All versions
Configuration I
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8845 Firmware
Version 11.5(1)
Ip Phone 8845 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8845
All versions
Configuration J
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8851 Firmware
Version 11.5(1)
Ip Phone 8851 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8851
All versions
Configuration K
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8861 Firmware
Version 11.5(1)
Ip Phone 8861 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8861
All versions
Configuration L
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ip Phone 8865 Firmware
Version 11.5(1)
Ip Phone 8865 Firmware
Version 12.5(1)
Running on/withPlatform Versions
Cisco
Ip Phone 8865
All versions

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.