CVE-2019-1922

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

CVSS 5.3 MEDIUMEPSS 1.3%CWE-476

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

06 jul 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Produtos afetados

Cisco · Cisco IP Phone 8800 Series Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos