Sign-up

ID

VAR-201904-0435


CVE

CVE-2019-1837


TITLE

Cisco Unified Communications Manager Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003525

DESCRIPTION

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected. Attackers can exploit this issue to cause denial of service conditions. This issue is being tracked by Cisco Bug ID CSCvo08315. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2019-1837 // JVNDB: JVNDB-2019-003525 // BID: 108019 // VULHUB: VHN-150709

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:12.5\(1.10000.22\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:11.5

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:12.0

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:12.5

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

sources: BID: 108019 // JVNDB: JVNDB-2019-003525 // NVD: CVE-2019-1837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1837
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1837
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1837
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-842
value: HIGH

Trust: 0.6

VULHUB: VHN-150709
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1837
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150709
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1837
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1837
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150709 // JVNDB: JVNDB-2019-003525 // CNNVD: CNNVD-201904-842 // NVD: CVE-2019-1837 // NVD: CVE-2019-1837

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-129

Trust: 1.0

sources: VULHUB: VHN-150709 // JVNDB: JVNDB-2019-003525 // NVD: CVE-2019-1837

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-842

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-842

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003525

PATCH
title:cisco-sa-20190417-ucm-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos
Trust: 0.8
title:Cisco Unified Communications Manager Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91676
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003525 // 
            
            
            
            CNNVD: CNNVD-201904-842

EXTERNAL IDS
db:NVDid:CVE-2019-1837
Trust: 2.8
db:BIDid:108019
Trust: 2.0
db:JVNDBid:JVNDB-2019-003525
Trust: 0.8
db:CNNVDid:CNNVD-201904-842
Trust: 0.7
db:AUSCERTid:ESB-2019.1343
Trust: 0.6
db:VULHUBid:VHN-150709
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150709 // 
            
            
            
            BID: 108019 // 
            
            
            
            JVNDB: JVNDB-2019-003525 // 
            
            
            
            CNNVD: CNNVD-201904-842 // 
            
            
            
            NVD: CVE-2019-1837

REFERENCES
url:http://www.securityfocus.com/bid/108019
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ucm-dos
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1837
Trust: 1.4
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1837
Trust: 0.8
url:https://www.auscert.org.au/bulletins/79346
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-uds-api-29086
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-150709 // 
            
            
            
            BID: 108019 // 
            
            
            
            JVNDB: JVNDB-2019-003525 // 
            
            
            
            CNNVD: CNNVD-201904-842 // 
            
            
            
            NVD: CVE-2019-1837

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108019 // 
            
            
            
            CNNVD: CNNVD-201904-842

SOURCES
db:VULHUBid:VHN-150709
db:BIDid:108019
db:JVNDBid:JVNDB-2019-003525
db:CNNVDid:CNNVD-201904-842
db:NVDid:CVE-2019-1837

LAST UPDATE DATE
2024-08-14T14:39:01.259000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150709date:2019-10-09T00:00:00
db:BIDid:108019date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003525date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-842date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1837date:2019-10-09T23:48:17.737

SOURCES RELEASE DATE
db:VULHUBid:VHN-150709date:2019-04-18T00:00:00
db:BIDid:108019date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003525date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-842date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1837date:2019-04-18T02:29:05.997