ID

VAR-201904-0435


CVE

CVE-2019-1837


TITLE

Cisco Unified Communications Manager Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003525

DESCRIPTION

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0 and 12.5 are affected. Attackers can exploit this issue to cause denial of service conditions. This issue is being tracked by Cisco Bug ID CSCvo08315. Unified CM provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 1.98

sources: NVD: CVE-2019-1837 // JVNDB: JVNDB-2019-003525 // BID: 108019 // VULHUB: VHN-150709

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1.10000.10)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1.10000.22)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 108019 // JVNDB: JVNDB-2019-003525 // NVD: CVE-2019-1837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1837
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1837
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1837
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-842
value: HIGH

Trust: 0.6

VULHUB: VHN-150709
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1837
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150709
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1837
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1837
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150709 // JVNDB: JVNDB-2019-003525 // CNNVD: CNNVD-201904-842 // NVD: CVE-2019-1837 // NVD: CVE-2019-1837

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-129

Trust: 1.0

sources: VULHUB: VHN-150709 // JVNDB: JVNDB-2019-003525 // NVD: CVE-2019-1837

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-842

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-842

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003525

PATCH

title: cisco-sa-20190417-ucm-dos
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos

Trust: 0.8

title: Cisco Unified Communications Manager Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91676

Trust: 0.6

sources: JVNDB: JVNDB-2019-003525 // CNNVD: CNNVD-201904-842

EXTERNAL IDS

db: NVD, id: CVE-2019-1837

Trust: 2.8

db: BID, id: 108019

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003525

Trust: 0.8

db: CNNVD, id: CNNVD-201904-842

Trust: 0.7

db: AUSCERT, id: ESB-2019.1343

Trust: 0.6

db: VULHUB, id: VHN-150709

Trust: 0.1

sources: VULHUB: VHN-150709 // BID: 108019 // JVNDB: JVNDB-2019-003525 // CNNVD: CNNVD-201904-842 // NVD: CVE-2019-1837

REFERENCES

url:http://www.securityfocus.com/bid/108019

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ucm-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1837

Trust: 1.4

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1837

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79346

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-uds-api-29086

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-150709 // BID: 108019 // JVNDB: JVNDB-2019-003525 // CNNVD: CNNVD-201904-842 // NVD: CVE-2019-1837

CREDITS

Cisco

Trust: 0.9

sources: BID: 108019 // CNNVD: CNNVD-201904-842

SOURCES

db: VULHUB, id: VHN-150709
db: BID, id: 108019
db: JVNDB, id: JVNDB-2019-003525
db: CNNVD, id: CNNVD-201904-842
db: NVD, id: CVE-2019-1837

LAST UPDATE DATE

2024-08-14T14:39:01.259000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150709, date: 2019-10-09T00:00:00
db: BID, id: 108019, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003525, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-842, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-1837, date: 2019-10-09T23:48:17.737

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150709, date: 2019-04-18T00:00:00
db: BID, id: 108019, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003525, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-842, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-1837, date: 2019-04-18T02:29:05.997