ID

VAR-201902-0452


CVE

CVE-2019-1684


TITLE

Resource management vulnerability in the Cisco IP Phone 7800 and 8800 Series

Trust: 0.8

sources: JVNDB: JVNDB-2019-001931

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected. The Cisco IP Phone 7800 and 8800 Series contains a vulnerability related to resource management. The affected phone may be put into a service operation interruption (DoS) state. This issue is being tracked by Cisco Bug IDs CSCvn47250

Trust: 1.89

sources: NVD: CVE-2019-1684 // JVNDB: JVNDB-2019-001931 // BID: 107104

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 7821, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8865, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8800, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip conference phone 7832, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 7800, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8845, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 7841, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 7861, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8841, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8861, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8851, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip conference phone 8832, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 7811, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 8811, scope: lt, version: 12.6\(1\)mn80

Trust: 1.0

vendor: cisco, model: ip phone 7800 series, scope: lt, version: 12.6(1)mn80

Trust: 0.8

vendor: cisco, model: ip phone 8800 series, scope: lt, version: 12.6(1)mn80

Trust: 0.8

vendor: cisco, model: wireless ip phone, scope: eq, version: 88210

Trust: 0.3

vendor: cisco, model: unified ip conference phone for third-party call control, scope: eq, version: 88310

Trust: 0.3

vendor: cisco, model: unified ip conference phone, scope: eq, version: 88310

Trust: 0.3

vendor: cisco, model: ip phone with multiplatform, scope: eq, version: 88650

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 88650

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 88610

Trust: 0.3

vendor: cisco, model: ip phone series with multiplatform, scope: eq, version: 88000

Trust: 0.3

vendor: cisco, model: ip phone series, scope: eq, version: 880012.1(1)

Trust: 0.3

vendor: cisco, model: ip phone series, scope: eq, version: 88000

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 78610

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 78410

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 78210

Trust: 0.3

vendor: cisco, model: ip phone, scope: eq, version: 78110

Trust: 0.3

vendor: cisco, model: ip conference phone, scope: eq, version: 88320

Trust: 0.3

vendor: cisco, model: ip conference phone, scope: eq, version: 78320

Trust: 0.3

vendor: cisco, model: series ip phones vpn feature, scope: eq, version: 8800-0

Trust: 0.3

vendor: cisco, model: ip phone series 12.6 mn80, scope: ne, version: 8800

Trust: 0.3

vendor: cisco, model: ip phone series 12.5 es1, scope: ne, version: 8800

Trust: 0.3

vendor: cisco, model: ip phone series 12.1 sr2.1, scope: ne, version: 8800

Trust: 0.3

sources: BID: 107104 // JVNDB: JVNDB-2019-001931 // NVD: CVE-2019-1684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1684
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1684
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1684
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-797
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-1684
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1684
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1684
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-001931 // CNNVD: CNNVD-201902-797 // NVD: CVE-2019-1684 // NVD: CVE-2019-1684

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

problemtype:CWE-119

Trust: 1.0

sources: JVNDB: JVNDB-2019-001931 // NVD: CVE-2019-1684

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201902-797

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-797

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001931

PATCH

title: cisco-sa-20190220-cdp-lldp-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos

Trust: 0.8

title: Cisco IP Phone 7800 and 8800 Series Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89591

Trust: 0.6

sources: JVNDB: JVNDB-2019-001931 // CNNVD: CNNVD-201902-797

EXTERNAL IDS

db: NVD, id: CVE-2019-1684

Trust: 2.7

db: BID, id: 107104

Trust: 1.9

db: JVNDB, id: JVNDB-2019-001931

Trust: 0.8

db: NSFOCUS, id: 42792

Trust: 0.6

db: AUSCERT, id: ESB-2019.0533.2

Trust: 0.6

db: CNNVD, id: CNNVD-201902-797

Trust: 0.6

sources: BID: 107104 // JVNDB: JVNDB-2019-001931 // CNNVD: CNNVD-201902-797 // NVD: CVE-2019-1684

REFERENCES

url:http://www.securityfocus.com/bid/107104

Trust: 2.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-cdp-lldp-dos

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-1684

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1684

Trust: 0.8

url:https://www.auscert.org.au/bulletins/75878

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ip-phone-7800-8800-denial-of-service-via-cdp-lldp-28573

Trust: 0.6

url:http://www.nsfocus.net/vulndb/42792

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: BID: 107104 // JVNDB: JVNDB-2019-001931 // CNNVD: CNNVD-201902-797 // NVD: CVE-2019-1684

CREDITS

Cisco, vendor. This vulnerability was found during the resolution of a Cisco TAC support case.

Trust: 0.6

sources: CNNVD: CNNVD-201902-797

SOURCES

db: BID, id: 107104
db: JVNDB, id: JVNDB-2019-001931
db: CNNVD, id: CNNVD-201902-797
db: NVD, id: CVE-2019-1684

LAST UPDATE DATE

2024-11-23T22:51:51.979000+00:00


SOURCES UPDATE DATE

db: BID, id: 107104, date: 2019-02-20T00:00:00
db: JVNDB, id: JVNDB-2019-001931, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-797, date: 2020-10-19T00:00:00
db: NVD, id: CVE-2019-1684, date: 2024-11-21T04:37:05.597

SOURCES RELEASE DATE

db: BID, id: 107104, date: 2019-02-20T00:00:00
db: JVNDB, id: JVNDB-2019-001931, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-797, date: 2019-02-21T00:00:00
db: NVD, id: CVE-2019-1684, date: 2019-02-21T20:29:00.337