Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2019-1635

Published: 03/05/2019 Updated: 16/10/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote malicious user to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the malicious user to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ip_conference_phone_7832_firmware 10.3\\(1\\)sr4b

cisco ip_conference_phone_7832_firmware 9.3\\(4\\)sr3

cisco ip_conference_phone_7832_firmware 12.1\\(1\\)sr1

cisco ip_conference_phone_7832_firmware 11.0\\(4\\)sr2

cisco ip_conference_phone_8832_firmware 12.1\\(1\\)sr1

cisco ip_conference_phone_8832_firmware 11.0\\(4\\)sr2

cisco ip_conference_phone_8832_firmware 10.3\\(1\\)sr4b

cisco ip_conference_phone_8832_firmware 9.3\\(4\\)sr3

cisco ip_phone_7811_firmware 12.1\\(1\\)sr1

cisco ip_phone_7811_firmware 10.3\\(1\\)sr4b

cisco ip_phone_7811_firmware 9.3\\(4\\)sr3

cisco ip_phone_7811_firmware 11.0\\(4\\)sr2

cisco ip_phone_7821_firmware 12.1\\(1\\)sr1

cisco ip_phone_7821_firmware 11.0\\(4\\)sr2

cisco ip_phone_7821_firmware 10.3\\(1\\)sr4b

cisco ip_phone_7821_firmware 9.3\\(4\\)sr3

cisco ip_phone_7841_firmware 12.1\\(1\\)sr1

cisco ip_phone_7841_firmware 10.3\\(1\\)sr4b

cisco ip_phone_7841_firmware 9.3\\(4\\)sr3

cisco ip_phone_7841_firmware 11.0\\(4\\)sr2

cisco ip_phone_7861_firmware 12.1\\(1\\)sr1

cisco ip_phone_7861_firmware 10.3\\(1\\)sr4b

cisco ip_phone_7861_firmware 11.0\\(4\\)sr2

cisco ip_phone_7861_firmware 9.3\\(4\\)sr3

cisco ip_phone_8811_firmware 12.1\\(1\\)sr1

cisco ip_phone_8811_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8811_firmware 11.0\\(4\\)sr2

cisco ip_phone_8811_firmware 9.3\\(4\\)sr3

cisco ip_phone_8841_firmware 12.1\\(1\\)sr1

cisco ip_phone_8841_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8841_firmware 11.0\\(4\\)sr2

cisco ip_phone_8841_firmware 9.3\\(4\\)sr3

cisco ip_phone_8845_firmware 12.1\\(1\\)sr1

cisco ip_phone_8845_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8845_firmware 11.0\\(4\\)sr2

cisco ip_phone_8845_firmware 9.3\\(4\\)sr3

cisco ip_phone_8851_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8851_firmware 11.0\\(4\\)sr2

cisco ip_phone_8851_firmware 9.3\\(4\\)sr3

cisco ip_phone_8851_firmware 12.1\\(1\\)sr1

cisco ip_phone_8861_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8861_firmware 11.0\\(4\\)sr2

cisco ip_phone_8861_firmware 9.3\\(4\\)sr3

cisco ip_phone_8861_firmware 12.1\\(1\\)sr1

cisco ip_phone_8865_firmware 12.1\\(1\\)sr1

cisco ip_phone_8865_firmware 10.3\\(1\\)sr4b

cisco ip_phone_8865_firmware 11.0\\(4\\)sr2

cisco ip_phone_8865_firmware 9.3\\(4\\)sr3

cisco unified_ip_8831_conference_phone1_firmware 12.1\\(1\\)sr1

cisco unified_ip_8831_conference_phone1_firmware 10.3\\(1\\)sr4b

cisco unified_ip_8831_conference_phone1_firmware 9.3\\(4\\)sr3

cisco unified_ip_8831_conference_phone1_firmware 11.0\\(4\\)sr2

cisco unified_ip_8831_conference_phone_for_third-party_call_control2_firmware 12.1\\(1\\)sr1

cisco unified_ip_8831_conference_phone_for_third-party_call_control2_firmware 10.3\\(1\\)sr4b

cisco unified_ip_8831_conference_phone_for_third-party_call_control2_firmware 11.0\\(4\\)sr2

cisco unified_ip_8831_conference_phone_for_third-party_call_control2_firmware 9.3\\(4\\)sr3

cisco wireless_ip_phone_8821_firmware 12.1\\(1\\)sr1

cisco wireless_ip_phone_8821_firmware 10.3\\(1\\)sr4b

cisco wireless_ip_phone_8821_firmware 11.0\\(4\\)sr2

cisco wireless_ip_phone_8821_firmware 9.3\\(4\\)sr3

cisco wireless_ip_phone_8821-ex_firmware 12.1\\(1\\)sr1

cisco wireless_ip_phone_8821-ex_firmware 10.3\\(1\\)sr4b

cisco wireless_ip_phone_8821-ex_firmware 11.0\\(4\\)sr2

cisco wireless_ip_phone_8821-ex_firmware 9.3\\(4\\)sr3

Vendor Advisories

Cisco: Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition The vulnerability is due to incomplete error ha ...

References

CWE-755https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-doshttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-dos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook