Details of VAR-201902-0450

ID

VAR-201902-0450

CVE

CVE-2019-1683

TITLE

plural Cisco SPA Vulnerability related to certificate validation in series products

Trust: 0.8

sources: JVNDB: JVNDB-2019-002108

DESCRIPTION

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. CiscoSPA112Series and other products are products of Cisco. A certificate validation component exists in the certificate processing component of CiscoSPA112, SPA525, and SPA5X5Series. (TLS) Encrypted Session Initiation Protocol (SIP) call. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm49157, CSCvn17125, CSCvn17128

Trust: 2.52

sources: NVD: CVE-2019-1683 // JVNDB: JVNDB-2019-002108 // CNVD: CNVD-2019-04936 // BID: 107111 // VULHUB: VHN-149015

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-04936

AFFECTED PRODUCTS

vendor:	cisco	model:	spa500	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa512g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa500s	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa500ds	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa502g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa508g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa504g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa525g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa112	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa509g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa5x5	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa525	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa514g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	spa501g	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	cisco	model:	small business spa500 series ip phone	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 112	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 500ds	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 500s	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 501g	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 502g	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 504g	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 508g	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 525	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 5x5	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa5x5 series	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	spa112	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	spa525	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business voice gateways and atas	scope:	eq	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phone	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	cisco	model:	small business ip phones	scope:	eq	version:	7.6.2	Trust: 0.3

sources: CNVD: CNVD-2019-04936 // BID: 107111 // JVNDB: JVNDB-2019-002108 // NVD: CVE-2019-1683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1683
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1683
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1683
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-04936
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201902-801
value:	HIGH
Trust: 0.6
VULHUB:	VHN-149015
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1683
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-04936
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:H/AU:N/C:C/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-149015
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1683
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1683
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	4.2
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1683
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-04936 // VULHUB: VHN-149015 // JVNDB: JVNDB-2019-002108 // CNNVD: CNNVD-201902-801 // NVD: CVE-2019-1683 // NVD: CVE-2019-1683

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-149015 // JVNDB: JVNDB-2019-002108 // NVD: CVE-2019-1683

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-801

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201902-801

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002108

PATCH

title:	cisco-sa-20190220-ipphone-certs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs	Trust: 0.8
title:	Patch for CiscoSPA112, SPA525, and SPA5X5Series Certificate Validation Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/154139	Trust: 0.6
title:	Cisco SPA112 , SPA525 and SPA5X5 Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89595	Trust: 0.6

sources: CNVD: CNVD-2019-04936 // JVNDB: JVNDB-2019-002108 // CNNVD: CNNVD-201902-801

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1683	Trust: 3.4
db:	BID	id:	107111	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002108	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-801	Trust: 0.7
db:	CNVD	id:	CNVD-2019-04936	Trust: 0.6
db:	NSFOCUS	id:	42804	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0538	Trust: 0.6
db:	VULHUB	id:	VHN-149015	Trust: 0.1

sources: CNVD: CNVD-2019-04936 // VULHUB: VHN-149015 // BID: 107111 // JVNDB: JVNDB-2019-002108 // CNNVD: CNNVD-201902-801 // NVD: CVE-2019-1683

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ipphone-certs	Trust: 2.6
url:	http://www.securityfocus.com/bid/107111	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1683	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1683	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75898	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42804	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ip-phone-spax-privilege-escalation-via-certificate-validation-28574	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2019-04936 // VULHUB: VHN-149015 // BID: 107111 // JVNDB: JVNDB-2019-002108 // CNNVD: CNNVD-201902-801 // NVD: CVE-2019-1683

CREDITS

Cisco would like to thank Jan Dubov? for reporting this vulnerability.,Cisco ?? ??,Jan Dubov??

Trust: 0.6

sources: CNNVD: CNNVD-201902-801

SOURCES

db:	CNVD	id:	CNVD-2019-04936
db:	VULHUB	id:	VHN-149015
db:	BID	id:	107111
db:	JVNDB	id:	JVNDB-2019-002108
db:	CNNVD	id:	CNNVD-201902-801
db:	NVD	id:	CVE-2019-1683

LAST UPDATE DATE

2024-11-23T21:52:30.234000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-04936	date:	2019-02-22T00:00:00
db:	VULHUB	id:	VHN-149015	date:	2019-10-09T00:00:00
db:	BID	id:	107111	date:	2019-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-002108	date:	2019-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201902-801	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1683	date:	2024-11-21T04:37:05.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-04936	date:	2019-02-22T00:00:00
db:	VULHUB	id:	VHN-149015	date:	2019-02-25T00:00:00
db:	BID	id:	107111	date:	2019-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-002108	date:	2019-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201902-801	date:	2019-02-20T00:00:00
db:	NVD	id:	CVE-2019-1683	date:	2019-02-25T17:29:00.280