ID

VAR-201907-0234


CVE

CVE-2019-1887


TITLE

Cisco Unified Communications Manager Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-006126

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. Attackers can exploit this issue to cause denial of service conditions. This issue is being tracked by Cisco Bug ID CSCvo70834. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2019-1887 // JVNDB: JVNDB-2019-006126 // BID: 109040 // VULHUB: VHN-151259

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0\(1.10000.10\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5\(2.10000.5\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.10000.6\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5\(1.10000.22\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1.10000.22)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1.10000.10)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)

Trust: 0.3

sources: BID: 109040 // JVNDB: JVNDB-2019-006126 // NVD: CVE-2019-1887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1887
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1887
value: HIGH

Trust: 1.0

NVD: CVE-2019-1887
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-229
value: HIGH

Trust: 0.6

VULHUB: VHN-151259
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151259
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1887
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1887
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-151259 // JVNDB: JVNDB-2019-006126 // CNNVD: CNNVD-201907-229 // NVD: CVE-2019-1887 // NVD: CVE-2019-1887

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-151259 // JVNDB: JVNDB-2019-006126 // NVD: CVE-2019-1887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-229

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006126

PATCH

title: cisco-sa-20190703-cucm-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos

Trust: 0.8

title: Cisco Unified Communications Manager Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94418

Trust: 0.6

sources: JVNDB: JVNDB-2019-006126 // CNNVD: CNNVD-201907-229

EXTERNAL IDS

db: NVD, id: CVE-2019-1887

Trust: 2.8

db: BID, id: 109040

Trust: 1.0

db: JVNDB, id: JVNDB-2019-006126

Trust: 0.8

db: CNNVD, id: CNNVD-201907-229

Trust: 0.7

db: AUSCERT, id: ESB-2019.2449

Trust: 0.6

db: VULHUB, id: VHN-151259

Trust: 0.1

sources: VULHUB: VHN-151259 // BID: 109040 // JVNDB: JVNDB-2019-006126 // CNNVD: CNNVD-201907-229 // NVD: CVE-2019-1887

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-cucm-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1887

Trust: 1.4

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1887

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2449/

Trust: 0.6

url:https://www.securityfocus.com/bid/109040

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-sip-29686

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-151259 // BID: 109040 // JVNDB: JVNDB-2019-006126 // CNNVD: CNNVD-201907-229 // NVD: CVE-2019-1887

CREDITS

Cisco

Trust: 0.9

sources: BID: 109040 // CNNVD: CNNVD-201907-229

SOURCES

db: VULHUB, id: VHN-151259
db: BID, id: 109040
db: JVNDB, id: JVNDB-2019-006126
db: CNNVD, id: CNNVD-201907-229
db: NVD, id: CVE-2019-1887

LAST UPDATE DATE

2024-08-14T14:04:20.596000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151259, date: 2019-10-09T00:00:00
db: BID, id: 109040, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006126, date: 2019-07-10T00:00:00
db: CNNVD, id: CNNVD-201907-229, date: 2019-07-10T00:00:00
db: NVD, id: CVE-2019-1887, date: 2019-10-09T23:48:26.410

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151259, date: 2019-07-06T00:00:00
db: BID, id: 109040, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006126, date: 2019-07-10T00:00:00
db: CNNVD, id: CNNVD-201907-229, date: 2019-07-03T00:00:00
db: NVD, id: CVE-2019-1887, date: 2019-07-06T02:15:11.090