Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2019-1922

Published: 06/07/2019 Updated: 09/10/2019
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Cisco

Vulnerability Summary

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the malicious user to cause the phone to reboot and not complete the registration process.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ip_conference_phone_7832_firmware -

cisco ip_conference_phone_8832_firmware 11.5\\(1\\)

cisco ip_conference_phone_8832_firmware 12.5\\(1\\)

cisco ip_phone_7811_firmware -

cisco ip_phone_7821_firmware -

cisco ip_phone_7841_firmware -

cisco ip_phone_7861_firmware -

cisco ip_phone_8811_firmware 12.5\\(1\\)

cisco ip_phone_8811_firmware 11.5\\(1\\)

cisco ip_phone_8841_firmware 11.5\\(1\\)

cisco ip_phone_8841_firmware 12.5\\(1\\)

cisco ip_phone_8845_firmware 11.5\\(1\\)

cisco ip_phone_8845_firmware 12.5\\(1\\)

cisco ip_phone_8851_firmware 12.5\\(1\\)

cisco ip_phone_8851_firmware 11.5\\(1\\)

cisco ip_phone_8861_firmware 11.5\\(1\\)

cisco ip_phone_8861_firmware 12.5\\(1\\)

cisco ip_phone_8865_firmware 11.5\\(1\\)

cisco ip_phone_8865_firmware 12.5\\(1\\)

Vendor Advisories

Cisco: Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets An attacker could exploit this vuln ...

References

CWE-476https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-doshttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook