CVE-2019-1683

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

  • Severity Score: 7.4 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Layer Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software includes version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-02-25 CVE Published
  • 2024-07-13 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product             Version   Other   Status
Cisco      Spa112 Firmware     1.4.2     -       Affected
in Cisco   Spa112              -         -       Safe
Cisco      Spa525 Firmware     7.6.2     -       Affected
in Cisco   Spa525              -         -       Safe
Cisco      Spa5x5 Firmware     7.6.2     -       Affected
in Cisco   Spa5x5              -         -       Safe
Cisco      Spa500 Firmware     1.4.2     -       Affected
in Cisco   Spa500              -         -       Safe
Cisco      Spa500s Firmware    1.4.2     -       Affected
in Cisco   Spa500s             -         -       Safe
Cisco      Spa500ds Firmware   1.4.2     -       Affected
in Cisco   Spa500ds            -         -       Safe
Cisco      Spa501g Firmware    1.4.2     -       Affected
in Cisco   Spa501g             -         -       Safe
Cisco      Spa502g Firmware    1.4.2     -       Affected
in Cisco   Spa502g             -         -       Safe
Cisco      Spa504g Firmware    1.4.2     -       Affected
in Cisco   Spa504g             -         -       Safe
Cisco      Spa508g Firmware    1.4.2     -       Affected
in Cisco   Spa508g             -         -       Safe
Cisco      Spa509g Firmware    1.4.2     -       Affected
in Cisco   Spa509g             -         -       Safe
Cisco      Spa512g Firmware    1.4.2     -       Affected
in Cisco   Spa512g             -         -       Safe
Cisco      Spa514g Firmware    1.4.2     -       Affected
in Cisco   Spa514g             -         -       Safe
Cisco      Spa525g Firmware    1.4.2     -       Affected
in Cisco   Spa525g             -         -       Safe