CVE-2019-1922

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

Una vulnerabilidad en el software SIP IP Phone de Cisco para IP Phone 7800 Series y 8800 Series de Cisco, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un teléfono afectado. La vulnerabilidad es debido a una comprobación insuficiente de paquetes de entrada de Session Initiation Protocol (SIP). Un atacante podría explotar esta vulnerabilidad al modificar las respuestas SIP que se envían al teléfono afectado durante el proceso de registro. Un ataque con éxito podría permitir que el atacante cause que el teléfono se reinicie y no complete el proceso de registro.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-07-06 CVE Published
2023-03-07 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ip Conference Phone 7832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ip Conference Phone 7832 Search vendor "Cisco" for product "Ip Conference Phone 7832"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Conference Phone 8832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Conference Phone 8832 Search vendor "Cisco" for product "Ip Conference Phone 8832"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Conference Phone 8832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Conference Phone 8832 Search vendor "Cisco" for product "Ip Conference Phone 8832"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 7811 Firmware Search vendor "Cisco" for product "Ip Phone 7811 Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7811 Search vendor "Cisco" for product "Ip Phone 7811"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 7821 Firmware Search vendor "Cisco" for product "Ip Phone 7821 Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7821 Search vendor "Cisco" for product "Ip Phone 7821"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 7841 Firmware Search vendor "Cisco" for product "Ip Phone 7841 Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7841 Search vendor "Cisco" for product "Ip Phone 7841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 7861 Firmware Search vendor "Cisco" for product "Ip Phone 7861 Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7861 Search vendor "Cisco" for product "Ip Phone 7861"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8845 Firmware Search vendor "Cisco" for product "Ip Phone 8845 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8845 Firmware Search vendor "Cisco" for product "Ip Phone 8845 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8865 Firmware Search vendor "Cisco" for product "Ip Phone 8865 Firmware"	11.5\(1\) Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version "11.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone 8865 Firmware Search vendor "Cisco" for product "Ip Phone 8865 Firmware"	12.5\(1\) Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version "12.5\(1\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865"	-	-	Safe