ID

VAR-201906-0683


CVE

CVE-2019-1845


TITLE

Input validation vulnerability in multiple Cisco products

Trust: 0.8

sources: JVNDB: JVNDB-2019-005276

DESCRIPTION

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack. Multiple Cisco products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvn00361 and CSCvp51956. Cisco Expressway Series and the other affected products are all Cisco products. The vulnerability stems from the failure of the network system or product to properly validate input data.

Trust: 1.98

sources: NVD: CVE-2019-1845 // JVNDB: JVNDB-2019-005276 // BID: 108615 // VULHUB: VHN-150797

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server, scope: lte, version: x12.5.2

Trust: 1.0

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 11.5\(1\)

Trust: 1.0

vendor: cisco, model: telepresence video communication server, scope: gte, version: x8.1

Trust: 1.0

vendor: cisco, model: telepresence video communication server software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager im and presence service, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager im & presence service, scope: eq, version: 11.5(1)

Trust: 0.3

vendor: cisco, model: telepresence video communication server, scope: eq, version: x8.9.3

Trust: 0.3

vendor: cisco, model: telepresence video communication server, scope: eq, version: x8.1

Trust: 0.3

vendor: cisco, model: telepresence video communication server, scope: eq, version: x12.5.2

Trust: 0.3

vendor: cisco, model: expressway series, scope: eq, version: x8.1

Trust: 0.3

vendor: cisco, model: expressway series, scope: eq, version: x12.5.2

Trust: 0.3

vendor: cisco, model: telepresence video communication server, scope: ne, version: x12.5.3

Trust: 0.3

sources: BID: 108615 // JVNDB: JVNDB-2019-005276 // NVD: CVE-2019-1845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1845
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1845
value: HIGH

Trust: 1.0

NVD: CVE-2019-1845
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-159
value: HIGH

Trust: 0.6

VULHUB: VHN-150797
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1845
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150797
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1845
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150797 // JVNDB: JVNDB-2019-005276 // CNNVD: CNNVD-201906-159 // NVD: CVE-2019-1845 // NVD: CVE-2019-1845

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150797 // JVNDB: JVNDB-2019-005276 // NVD: CVE-2019-1845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-159

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-159

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005276

PATCH

title: cisco-sa-20190605-cucm-imp-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos

Trust: 0.8

title: Multiple Cisco Product input verification error vulnerability fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93251

Trust: 0.6

sources: JVNDB: JVNDB-2019-005276 // CNNVD: CNNVD-201906-159

EXTERNAL IDS

db: NVD, id: CVE-2019-1845

Trust: 2.8

db: BID, id: 108615

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005276

Trust: 0.8

db: CNNVD, id: CNNVD-201906-159

Trust: 0.7

db: AUSCERT, id: ESB-2019.2027

Trust: 0.6

db: AUSCERT, id: ESB-2019.2027.2

Trust: 0.6

db: VULHUB, id: VHN-150797

Trust: 0.1

sources: VULHUB: VHN-150797 // BID: 108615 // JVNDB: JVNDB-2019-005276 // CNNVD: CNNVD-201906-159 // NVD: CVE-2019-1845

REFERENCES

url:http://www.securityfocus.com/bid/108615

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-cucm-imp-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1845

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1845

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-im-p-service-denial-of-service-via-xmpp-authentication-29475

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2027.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2027/

Trust: 0.6

sources: VULHUB: VHN-150797 // BID: 108615 // JVNDB: JVNDB-2019-005276 // CNNVD: CNNVD-201906-159 // NVD: CVE-2019-1845

CREDITS

Cisco

Trust: 0.9

sources: BID: 108615 // CNNVD: CNNVD-201906-159

SOURCES

db: VULHUB, id: VHN-150797
db: BID, id: 108615
db: JVNDB, id: JVNDB-2019-005276
db: CNNVD, id: CNNVD-201906-159
db: NVD, id: CVE-2019-1845

LAST UPDATE DATE

2024-11-23T22:48:22.599000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150797, date: 2019-10-09T00:00:00
db: BID, id: 108615, date: 2019-06-05T00:00:00
db: JVNDB, id: JVNDB-2019-005276, date: 2019-06-18T00:00:00
db: CNNVD, id: CNNVD-201906-159, date: 2019-06-28T00:00:00
db: NVD, id: CVE-2019-1845, date: 2024-11-21T04:37:31.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150797, date: 2019-06-05T00:00:00
db: BID, id: 108615, date: 2019-06-05T00:00:00
db: JVNDB, id: JVNDB-2019-005276, date: 2019-06-18T00:00:00
db: CNNVD, id: CNNVD-201906-159, date: 2019-06-05T00:00:00
db: NVD, id: CVE-2019-1845, date: 2019-06-05T17:29:00.460