Details of VAR-201903-0572

ID

VAR-201903-0572

CVE

CVE-2019-1765

TITLE

plural Cisco IP Phone 8800 Path traversal vulnerability in series products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003060

DESCRIPTION

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCvn56213 and CSCvo57138

Trust: 1.89

sources: NVD: CVE-2019-1765 // JVNDB: JVNDB-2019-003060 // BID: 107500

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0\(5\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 8832	scope:	lt	version:	12.5\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	ip phone 8821-ex	scope:	lt	version:	11.0\(5\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8800	scope:	lt	version:	12.5\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	ip conference phone 8832	scope:	lt	version:	12.5(1)sr1	Trust: 0.8
vendor:	cisco	model:	ip phone 8800 series	scope:	lt	version:	12.5(1)sr1	Trust: 0.8
vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0(5)	Trust: 0.8
vendor:	cisco	model:	ip phone 8821-ex	scope:	lt	version:	11.0(5)	Trust: 0.8
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 8821-ex 11.0 sr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 sr2	scope:	eq	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip conference phone	scope:	eq	version:	883212.1	Trust: 0.3
vendor:	cisco	model:	wireless ip phone 8821-ex	scope:	ne	version:	11.0(5)	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	ne	version:	880011.0(5.12)	Trust: 0.3
vendor:	cisco	model:	ip phone series	scope:	ne	version:	880011.0(5)	Trust: 0.3
vendor:	cisco	model:	ip phone series 11.0 mn63	scope:	ne	version:	8800	Trust: 0.3
vendor:	cisco	model:	ip conference phone 12.5 sr1	scope:	ne	version:	8832	Trust: 0.3

sources: BID: 107500 // JVNDB: JVNDB-2019-003060 // NVD: CVE-2019-1765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1765
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1765
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1765
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-696
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-1765
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-1765
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1765
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: JVNDB: JVNDB-2019-003060 // CNNVD: CNNVD-201903-696 // NVD: CVE-2019-1765 // NVD: CVE-2019-1765

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2019-003060 // NVD: CVE-2019-1765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-696

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201903-696

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003060

PATCH

title:	cisco-sa-20190320-ipptv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv	Trust: 0.8
title:	Cisco IP Phone 8800 Series Session Initiation Protocol Software path traversal vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90249	Trust: 0.6

sources: JVNDB: JVNDB-2019-003060 // CNNVD: CNNVD-201903-696

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1765	Trust: 2.7
db:	JVNDB	id:	JVNDB-2019-003060	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-696	Trust: 0.6
db:	BID	id:	107500	Trust: 0.3

sources: BID: 107500 // JVNDB: JVNDB-2019-003060 // CNNVD: CNNVD-201903-696 // NVD: CVE-2019-1765

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190320-ipptv	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1765	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1765	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: BID: 107500 // JVNDB: JVNDB-2019-003060 // CNNVD: CNNVD-201903-696 // NVD: CVE-2019-1765

CREDITS

David Gullasch of modzero AG .

Trust: 0.6

sources: CNNVD: CNNVD-201903-696

SOURCES

db:	BID	id:	107500
db:	JVNDB	id:	JVNDB-2019-003060
db:	CNNVD	id:	CNNVD-201903-696
db:	NVD	id:	CVE-2019-1765

LAST UPDATE DATE

2024-11-23T21:37:35.774000+00:00

SOURCES UPDATE DATE

db:	BID	id:	107500	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-003060	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201903-696	date:	2019-03-21T00:00:00
db:	NVD	id:	CVE-2019-1765	date:	2024-11-21T04:37:19.630

SOURCES RELEASE DATE

db:	BID	id:	107500	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-003060	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201903-696	date:	2019-03-20T00:00:00
db:	NVD	id:	CVE-2019-1765	date:	2019-03-22T20:29:00.477