Lucene search

K
vulnrichmentCiscoVULNRICHMENT:CVE-2019-1887
HistoryJul 06, 2019 - 1:15 a.m.

CVE-2019-1887 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

2019-07-0601:15:22
CWE-787
cisco
github.com
1
cisco unified communications manager
sip protocol
dos vulnerability
remote attacker
input validation
malformed packet
registration process

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

Related for VULNRICHMENT:CVE-2019-1887