CVE-2019-1716

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

22/03/2019

Last modified:

09/10/2019

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

7.50

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:cisco:ip_phone_8821_firmware::::::::		11.0\(4\)sr3 (excluding)
cpe:2.3:h:cisco:ip_phone_8821:-:::::::*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware::::::::		11.0\(4\)sr3 (excluding)
cpe:2.3:h:cisco:ip_phone_8821-ex:-:::::::*
cpe:2.3:o:cisco:ip_conference_phone_7800_firmware::::::::		12.5\(1\)sr1 (excluding)
cpe:2.3:h:cisco:ip_conference_phone_7800:-:::::::*
cpe:2.3:o:cisco:ip_phone_8800_firmware::::::::		12.5\(1\)sr1 (excluding)
cpe:2.3:h:cisco:ip_phone_8800:-:::::::*
cpe:2.3:o:cisco:unified_ip_conferenece_phone_8831_firmware::::::::		10.3\(1\)sr5 (excluding)
cpe:2.3:h:cisco:unified_ip_conferenece_phone_8831:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce

CPE	From	Up to
cpe:2.3:o:cisco:ip_phone_8821_firmware::::::::		11.0\(4\)sr3 (excluding)
cpe:2.3:h:cisco:ip_phone_8821:-:::::::*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware::::::::		11.0\(4\)sr3 (excluding)
cpe:2.3:h:cisco:ip_phone_8821-ex:-:::::::*
cpe:2.3:o:cisco:ip_conference_phone_7800_firmware::::::::		12.5\(1\)sr1 (excluding)
cpe:2.3:h:cisco:ip_conference_phone_7800:-:::::::*
cpe:2.3:o:cisco:ip_phone_8800_firmware::::::::		12.5\(1\)sr1 (excluding)
cpe:2.3:h:cisco:ip_phone_8800:-:::::::*
cpe:2.3:o:cisco:unified_ip_conferenece_phone_8831_firmware::::::::		10.3\(1\)sr5 (excluding)
cpe:2.3:h:cisco:unified_ip_conferenece_phone_8831:-:::::::*