Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20190320-IP-PHONE-RCE
HistoryMar 20, 2019 - 4:00 p.m.

Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

2019-03-2016:00:00
tools.cisco.com
87

0.006 Low

EPSS

Percentile

79.2%

JSON

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.

The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce”]

Affected configurations

Vulners
Node
ciscoip_phone_8800_seriesMatchany
OR
ciscoip_phone_8800_seriesMatchany
OR
ciscoip_phone_8800_seriesMatchany
OR
ciscounified_ip_ivrMatchany
OR
ciscoip_phone_8800_seriesMatch8800_series_software
OR
ciscoip_phone_8800_seriesMatch7800_series
OR
ciscoip_phone_8800_seriesMatch8821
OR
ciscounified_ip_ivrMatch8831

Related

nessus 1
cvelist 1
nvd 1
cve 1
prion 1
nessus
nessus
Cisco IP Phones 7800 Series and 8800 Series Remote Code Execution (CVE-2019-1716)
2024-03-18 00:00:00
cvelist
cvelist
CVE-2019-1716 Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
2019-03-20 00:00:00
nvd
nvd
CVE-2019-1716
2019-03-22 20:29:00
cve
cve
CVE-2019-1716
2019-03-22 20:29:00
prion
prion
Design/Logic Flaw
2019-03-22 20:29:00

0.006 Low

EPSS

Percentile

79.2%

JSON
Related for CISCO-SA-20190320-IP-PHONE-RCE
nessus1cvelist1nvd1cve1prion1