Lucene search

[email protected]NVD:CVE-2019-1684

HistoryFeb 21, 2019 - 8:29 p.m.

CVE-2019-1684

2019-02-2120:29:00

CWE-399

CWE-119

[email protected]

web.nvd.nist.gov

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

29.2%

JSON

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.

Affected configurations

NVD

Node

ciscoip_phone_8800_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8800Match-

Node

ciscoip_phone_7800_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_7800Match-

Node

ciscoip_conference_phone_7832_firmwareRange<12.6\(1\)mn80

AND

ciscoip_conference_phone_7832Match-

Node

ciscoip_conference_phone_8832_firmwareRange<12.6\(1\)mn80

AND

ciscoip_conference_phone_8832Match-

Node

ciscoip_phone_7811_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_7811Match-

Node

ciscoip_phone_7821_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_7821Match-

Node

ciscoip_phone_7841_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_7841Match-

Node

ciscoip_phone_7861_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_7861Match-

Node

ciscoip_phone_8811_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8811Match-

Node

ciscoip_phone_8841_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8841Match-

Node

ciscoip_phone_8845_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8851_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8861_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8865_firmwareRange<12.6\(1\)mn80

AND

ciscoip_phone_8865Match-

References

www.securityfocus.com/bid/107104

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for NVD:CVE-2019-1684

cvelist1 cve1 cisco1 nessus1 prion1