Details of VAR-201903-0960

ID

VAR-201903-0960

CVE

CVE-2018-0389

TITLE

Cisco Small Business SPA514G IP Phone Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002485

DESCRIPTION

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier. The CiscoSmallBusinessSPA514GIPPhones is an IP phone from Cisco. A resource management error vulnerability exists in CiscoSmallBusinessSPA514GIPPhones that uses 7.6.2 SR2A and previous firmware. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvc63989

Trust: 2.61

sources: NVD: CVE-2018-0389 // JVNDB: JVNDB-2019-002485 // CNVD: CNVD-2019-08461 // BID: 107402 // VULHUB: VHN-118591 // VULMON: CVE-2018-0389

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-08461

AFFECTED PRODUCTS

vendor:	cisco	model:	spa514g	scope:	lte	version:	7.6.2sr2	Trust: 1.8
vendor:	cisco	model:	small business spa514g ip phones <=7.6.2sr2a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.8	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.6	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.6 sr2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.7(6)	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.5.2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.9c	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.9a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.8a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1	Trust: 0.3

sources: CNVD: CNVD-2019-08461 // BID: 107402 // JVNDB: JVNDB-2019-002485 // NVD: CVE-2018-0389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0389
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2018-0389
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0389
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-08461
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201903-495
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118591
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0389
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0389
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-08461
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118591
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0389
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: CNVD: CNVD-2019-08461 // VULHUB: VHN-118591 // VULMON: CVE-2018-0389 // JVNDB: JVNDB-2019-002485 // CNNVD: CNNVD-201903-495 // NVD: CVE-2018-0389 // NVD: CVE-2018-0389

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118591 // JVNDB: JVNDB-2019-002485 // NVD: CVE-2018-0389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-495

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201903-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002485

PATCH

title:	cisco-sa-20190313-sip	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip	Trust: 0.8
title:	Patch for CiscoSPA514G Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/157559	Trust: 0.6
title:	Cisco: Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190313-sip	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-default-password-bug/142814/	Trust: 0.1

sources: CNVD: CNVD-2019-08461 // VULMON: CVE-2018-0389 // JVNDB: JVNDB-2019-002485

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0389	Trust: 3.5
db:	BID	id:	107402	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-002485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-495	Trust: 0.7
db:	CNVD	id:	CNVD-2019-08461	Trust: 0.6
db:	VULHUB	id:	VHN-118591	Trust: 0.1
db:	VULMON	id:	CVE-2018-0389	Trust: 0.1

sources: CNVD: CNVD-2019-08461 // VULHUB: VHN-118591 // VULMON: CVE-2018-0389 // BID: 107402 // JVNDB: JVNDB-2019-002485 // CNNVD: CNNVD-201903-495 // NVD: CVE-2018-0389

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190313-sip	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0389	Trust: 2.0
url:	http://www.securityfocus.com/bid/107402	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0389	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-critical-default-password-bug/142814/	Trust: 0.1

sources: CNVD: CNVD-2019-08461 // VULHUB: VHN-118591 // VULMON: CVE-2018-0389 // BID: 107402 // JVNDB: JVNDB-2019-002485 // CNNVD: CNNVD-201903-495 // NVD: CVE-2018-0389

CREDITS

Cisco

Trust: 0.3

sources: BID: 107402

SOURCES

db:	CNVD	id:	CNVD-2019-08461
db:	VULHUB	id:	VHN-118591
db:	VULMON	id:	CVE-2018-0389
db:	BID	id:	107402
db:	JVNDB	id:	JVNDB-2019-002485
db:	CNNVD	id:	CNNVD-201903-495
db:	NVD	id:	CVE-2018-0389

LAST UPDATE DATE

2024-11-23T22:45:05.549000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-08461	date:	2019-03-28T00:00:00
db:	VULHUB	id:	VHN-118591	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0389	date:	2019-10-09T00:00:00
db:	BID	id:	107402	date:	2019-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-002485	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-495	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-0389	date:	2024-11-21T03:38:07.617

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-08461	date:	2019-03-28T00:00:00
db:	VULHUB	id:	VHN-118591	date:	2019-03-13T00:00:00
db:	VULMON	id:	CVE-2018-0389	date:	2019-03-13T00:00:00
db:	BID	id:	107402	date:	2019-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-002485	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-495	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-0389	date:	2019-03-13T21:29:00.260