Details of VAR-201903-0357

ID

VAR-201903-0357

CVE

CVE-2019-1716

TITLE

Cisco IP Phone 7800 Series and multiple Cisco IP Phone 8800 Vulnerability related to input validation in series products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003057

DESCRIPTION

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series. These issues are being tracked by Cisco Bug IDs CSCvn56168, CSCvn72540 and CSCvo05687

Trust: 2.43

sources: NVD: CVE-2019-1716 // JVNDB: JVNDB-2019-003057 // CNVD: CNVD-2020-70973 // BID: 107503

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-70973

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0\(4\)sr3	Trust: 1.0
vendor:	cisco	model:	ip phone 8821-ex	scope:	lt	version:	11.0\(4\)sr3	Trust: 1.0
vendor:	cisco	model:	unified ip conferenece phone 8831	scope:	lt	version:	10.3\(1\)sr5	Trust: 1.0
vendor:	cisco	model:	ip phone 8800	scope:	lt	version:	12.5\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	ip conference phone 7800	scope:	lt	version:	12.5\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	ip phone 7800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ip phone 8800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ip phone 8821	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ip phone 8821-ex	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified ip conference phone 8831	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ip phone series	scope:	eq	version:	8800	Trust: 0.6
vendor:	cisco	model:	ip phone series	scope:	eq	version:	7800	Trust: 0.6
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 11.0 sr2	scope:	eq	version:	8821	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 11.0 sr1	scope:	eq	version:	8821	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3 sr4b	scope:	eq	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3 sr3	scope:	eq	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3 sr2	scope:	eq	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3 sr1	scope:	eq	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone	scope:	eq	version:	883110.3(1)	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	eq	version:	88009.4(2)	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	eq	version:	880012.5(1)	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 sr2015	scope:	eq	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	eq	version:	780012.5(1)	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 11.0 sr3	scope:	ne	version:	8821	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3 sr5	scope:	ne	version:	8831	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.6 mn112	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.5 sr2	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.5 sr1.3	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.5 sr1	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.5 es2	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	ne	version:	880011.0(5.5)	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 sr3.2	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 sr3	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 mn43	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip phone series 12.5 sr1	scope:	ne	version:	7800	Trust: 0.3

sources: CNVD: CNVD-2020-70973 // BID: 107503 // JVNDB: JVNDB-2019-003057 // NVD: CVE-2019-1716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1716
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1716
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1716
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-70973
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201903-691
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-1716
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-70973
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-1716
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1716
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2020-70973 // JVNDB: JVNDB-2019-003057 // CNNVD: CNNVD-201903-691 // NVD: CVE-2019-1716 // NVD: CVE-2019-1716

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-003057 // NVD: CVE-2019-1716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-691

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201903-691

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003057

PATCH

title:	cisco-sa-20190320-ip-phone-rce	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce	Trust: 0.8
title:	Patch for Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/241903	Trust: 0.6
title:	Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series Session Initiation Protocol Fixes for software input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90244	Trust: 0.6

sources: CNVD: CNVD-2020-70973 // JVNDB: JVNDB-2019-003057 // CNNVD: CNNVD-201903-691

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1716	Trust: 3.3
db:	JVNDB	id:	JVNDB-2019-003057	Trust: 0.8
db:	CNVD	id:	CNVD-2020-70973	Trust: 0.6
db:	CNNVD	id:	CNNVD-201903-691	Trust: 0.6
db:	BID	id:	107503	Trust: 0.3

sources: CNVD: CNVD-2020-70973 // BID: 107503 // JVNDB: JVNDB-2019-003057 // CNNVD: CNNVD-201903-691 // NVD: CVE-2019-1716

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190320-ip-phone-rce	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1716	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1716	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2020-70973 // BID: 107503 // JVNDB: JVNDB-2019-003057 // CNNVD: CNNVD-201903-691 // NVD: CVE-2019-1716

CREDITS

David Gullasch of modzero AG and Denys Vozniuk of DarkMatter?.

Trust: 0.6

sources: CNNVD: CNNVD-201903-691

SOURCES

db:	CNVD	id:	CNVD-2020-70973
db:	BID	id:	107503
db:	JVNDB	id:	JVNDB-2019-003057
db:	CNNVD	id:	CNNVD-201903-691
db:	NVD	id:	CVE-2019-1716

LAST UPDATE DATE

2024-11-23T22:25:59.590000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-70973	date:	2020-12-13T00:00:00
db:	BID	id:	107503	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-003057	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201903-691	date:	2019-03-21T00:00:00
db:	NVD	id:	CVE-2019-1716	date:	2024-11-21T04:37:09.980

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-70973	date:	2019-12-11T00:00:00
db:	BID	id:	107503	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-003057	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201903-691	date:	2019-03-20T00:00:00
db:	NVD	id:	CVE-2019-1716	date:	2019-03-22T20:29:00.353