CVE-2019-1922

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
ciscoCNA
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
ciscoip_conference_phone_7832_firmware
-
ciscoip_conference_phone_8832_firmware
11.5\(1\)
ciscoip_conference_phone_8832_firmware
12.5\(1\)
ciscoip_phone_7811_firmware
-
ciscoip_phone_7821_firmware
-
ciscoip_phone_7841_firmware
-
ciscoip_phone_7861_firmware
-
ciscoip_phone_8811_firmware
11.5\(1\)
ciscoip_phone_8811_firmware
12.5\(1\)
ciscoip_phone_8841_firmware
11.5\(1\)
ciscoip_phone_8841_firmware
12.5\(1\)
ciscoip_phone_8845_firmware
11.5\(1\)
ciscoip_phone_8845_firmware
12.5\(1\)
ciscoip_phone_8851_firmware
11.5\(1\)
ciscoip_phone_8851_firmware
12.5\(1\)
ciscoip_phone_8861_firmware
11.5\(1\)
ciscoip_phone_8861_firmware
12.5\(1\)
ciscoip_phone_8865_firmware
11.5\(1\)
ciscoip_phone_8865_firmware
12.5\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos