CVE-2019-1922

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

CVSS 5.3 MEDIUMEPSS 1.3%CWE-476

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

06 jul 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Productos afectados

Cisco · Cisco IP Phone 8800 Series Software

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos