ID
VAR-201905-0503
CVE
CVE-2019-1635
TITLE
Cisco IP Phone 7800 and 8800 Series error handling vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Multiple Cisco Products are prone to an denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvm39405, CSCvo19825, CSCvo21348, and CSCvo23532. This issue affects following cisco products if they are running a SIP Software release prior to the first fixed release. IP Conference Phone 7832 IP Conference Phone 8832 IP Phone 7811 IP Phone 7821 IP Phone 7841 IP Phone 7861 IP Phone 8811 IP Phone 8841 IP Phone 8845 IP Phone 8851 IP Phone 8861 IP Phone 8865 Unified IP 8831 Conference Phone1 Unified IP 8831 Conference Phone for Third-Party Call Control2 Wireless IP Phone 8821 Wireless IP Phone 8821-EX. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | ip phone 7811 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 7832 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone1 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 7832 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8841 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8861 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8851 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7811 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7841 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 8832 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7841 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone1 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7821 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8811 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone for third-party call control2 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8841 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7861 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8845 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8865 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8841 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8811 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone for third-party call control2 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8861 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8851 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8811 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 7832 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 8832 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone for third-party call control2 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7811 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7861 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8845 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7821 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7841 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7861 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8845 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone1 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8861 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8851 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8865 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 8832 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8861 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8851 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8841 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 8832 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7821 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7821 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 7832 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8811 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7811 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8865 | scope: | eq | version: | 11.0\(4\)sr2 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7841 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone1 | scope: | eq | version: | 9.3\(4\)sr3 | Trust: 1.0 |
| vendor: | cisco | model: | unified ip 8831 conference phone for third-party call control2 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8865 | scope: | eq | version: | 10.3\(1\)sr4b | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 7861 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip phone 8845 | scope: | eq | version: | 12.1\(1\)sr1 | Trust: 1.0 |
| vendor: | cisco | model: | ip conference phone 7832 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip conference phone 8832 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 7811 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 7821 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 7841 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 7861 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 8811 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 8841 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 8845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ip phone 8851 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | wireless ip phone | scope: | eq | version: | 88210 | Trust: 0.3 |
| vendor: | cisco | model: | unified ip conference phone for third-party call control | scope: | eq | version: | 88310 | Trust: 0.3 |
| vendor: | cisco | model: | unified ip conference phone | scope: | eq | version: | 88310 | Trust: 0.3 |
| vendor: | cisco | model: | small business ip phones 9.3 sr3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88650 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88610 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88510 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88450 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88410 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 88110 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 12.1 sr1 | scope: | eq | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 11.0 sr2 | scope: | eq | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 10.3 sr4b | scope: | eq | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 78610 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 78410 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 78210 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 78110 | Trust: 0.3 |
| vendor: | cisco | model: | ip conference phone | scope: | eq | version: | 88320 | Trust: 0.3 |
| vendor: | cisco | model: | ip conference phone | scope: | eq | version: | 78320 | Trust: 0.3 |
| vendor: | cisco | model: | wireless ip phone 8821-ex | scope: | ne | version: | 11.0(5) | Trust: 0.3 |
| vendor: | cisco | model: | wireless ip phone | scope: | ne | version: | 882111.0(5) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series | scope: | ne | version: | 880012.5(1.16) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 12.5 mn474 | scope: | ne | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 12.5 mn470 | scope: | ne | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series | scope: | ne | version: | 880012.5(1) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 12.1 es9 | scope: | ne | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series | scope: | ne | version: | 880011.0(5.9) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series | scope: | ne | version: | 880011.0(5) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series 11.0 mn50 | scope: | ne | version: | 8800 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone series | scope: | ne | version: | 780012.5(1) | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
| problemtype: | CWE-755 | Trust: 1.1 |
| problemtype: | CWE-388 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20190501-phone-sip-xml-dos | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-dos | Trust: 0.8 |
| title: | Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol Software Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92173 | Trust: 0.6 |
| title: | Cisco: Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-phone-sip-xml-dos | Trust: 0.1 |
| title: | Threatpost | url: | https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1635 | Trust: 2.9 |
| db: | BID | id: | 108138 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2019-004369 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201905-022 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2019.1521 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-148487 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-1635 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-phone-sip-xml-dos | Trust: 2.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1635 | Trust: 1.4 |
| url: | http://www.cisco.com/ | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1635 | Trust: 0.8 |
| url: | https://www.securityfocus.com/bid/108138 | Trust: 0.7 |
| url: | https://www.auscert.org.au/bulletins/80122 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/cisco-ip-phone-denial-of-service-via-sip-xml-29188 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/755.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/ | Trust: 0.1 |
CREDITS
The vendor reported this issue.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-148487 |
| db: | VULMON | id: | CVE-2019-1635 |
| db: | BID | id: | 108138 |
| db: | JVNDB | id: | JVNDB-2019-004369 |
| db: | CNNVD | id: | CNNVD-201905-022 |
| db: | NVD | id: | CVE-2019-1635 |
LAST UPDATE DATE
2024-11-23T22:25:56.451000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-148487 | date: | 2020-10-16T00:00:00 |
| db: | VULMON | id: | CVE-2019-1635 | date: | 2020-10-16T00:00:00 |
| db: | BID | id: | 108138 | date: | 2019-05-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-004369 | date: | 2019-05-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-022 | date: | 2019-05-09T00:00:00 |
| db: | NVD | id: | CVE-2019-1635 | date: | 2024-11-21T04:36:58.740 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-148487 | date: | 2019-05-03T00:00:00 |
| db: | VULMON | id: | CVE-2019-1635 | date: | 2019-05-03T00:00:00 |
| db: | BID | id: | 108138 | date: | 2019-05-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-004369 | date: | 2019-05-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-022 | date: | 2019-05-01T00:00:00 |
| db: | NVD | id: | CVE-2019-1635 | date: | 2019-05-03T15:29:00.713 |