Cisco IP Phones 7800 and 8800 Series Session Initiation Protocol Denial of Service (CVE-2019-1922)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502107);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");

  script_cve_id("CVE-2019-1922");

  script_name(english:"Cisco IP Phones 7800 and 8800 Series Session Initiation Protocol Denial of Service (CVE-2019-1922)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800
Series and 8800 Series could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected phone. The
vulnerability is due to insufficient validation of input Session
Initiation Protocol (SIP) packets. An attacker could exploit this
vulnerability by altering the SIP replies that are sent to the
affected phone during the registration process. A successful exploit
could allow the attacker to cause the phone to reboot and not complete
the registration process.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba02a381");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1922");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(476);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7800_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8800_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:ip_phone_7800_series_firmware" :
        {"versionEndIncluding" : "11.5(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:ip_phone_8800_series_firmware" :
        {"versionEndIncluding" : "11.5(1)", "family" : "CiscoIPPhones"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);