Lucene search

[email protected]CVE-2019-1635

HistoryMay 03, 2019 - 3:29 p.m.

CVE-2019-1635

2019-05-0315:29:00

CWE-755

[email protected]

web.nvd.nist.gov

vulnerability

call-handling

cisco

ip phone

sip

dos

cve-2019-1635

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%

JSON

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

CPENameOperatorVersion
cisco:ip_conference_phone_7832_firmwarecisco ip conference phone 7832 firmwareeq9.3\(4\)sr3
cisco:ip_conference_phone_7832_firmwarecisco ip conference phone 7832 firmwareeq10.3\(1\)sr4b
cisco:ip_conference_phone_7832_firmwarecisco ip conference phone 7832 firmwareeq11.0\(4\)sr2
cisco:ip_conference_phone_7832_firmwarecisco ip conference phone 7832 firmwareeq12.1\(1\)sr1
cisco:ip_conference_phone_8832_firmwarecisco ip conference phone 8832 firmwareeq9.3\(4\)sr3
cisco:ip_conference_phone_8832_firmwarecisco ip conference phone 8832 firmwareeq10.3\(1\)sr4b
cisco:ip_conference_phone_8832_firmwarecisco ip conference phone 8832 firmwareeq11.0\(4\)sr2
cisco:ip_conference_phone_8832_firmwarecisco ip conference phone 8832 firmwareeq12.1\(1\)sr1
cisco:ip_phone_7811_firmwarecisco ip phone 7811 firmwareeq9.3\(4\)sr3
cisco:ip_phone_7811_firmwarecisco ip phone 7811 firmwareeq10.3\(1\)sr4b

CPE	Name	Operator	Version
cisco:ip_conference_phone_7832_firmware	cisco ip conference phone 7832 firmware	eq	9.3\(4\)sr3
cisco:ip_conference_phone_7832_firmware	cisco ip conference phone 7832 firmware	eq	10.3\(1\)sr4b
cisco:ip_conference_phone_7832_firmware	cisco ip conference phone 7832 firmware	eq	11.0\(4\)sr2
cisco:ip_conference_phone_7832_firmware	cisco ip conference phone 7832 firmware	eq	12.1\(1\)sr1
cisco:ip_conference_phone_8832_firmware	cisco ip conference phone 8832 firmware	eq	9.3\(4\)sr3
cisco:ip_conference_phone_8832_firmware	cisco ip conference phone 8832 firmware	eq	10.3\(1\)sr4b
cisco:ip_conference_phone_8832_firmware	cisco ip conference phone 8832 firmware	eq	11.0\(4\)sr2
cisco:ip_conference_phone_8832_firmware	cisco ip conference phone 8832 firmware	eq	12.1\(1\)sr1
cisco:ip_phone_7811_firmware	cisco ip phone 7811 firmware	eq	9.3\(4\)sr3
cisco:ip_phone_7811_firmware	cisco ip phone 7811 firmware	eq	10.3\(1\)sr4b

Rows per page:

1-10 of 641

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-dos

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2019-1635

nessus1 prion1 cvelist1 cisco1 threatpost1