Sign-up

ID

VAR-201907-0234


CVE

CVE-2019-1887


TITLE

Cisco Unified Communications Manager Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-006126

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. Attackers can exploit this issue to cause denial of service conditions. This issue is being tracked by Cisco Bug ID CSCvo70834. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2019-1887 // JVNDB: JVNDB-2019-006126 // BID: 109040 // VULHUB: VHN-151259

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:12.5\(1.10000.22\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:12.5(1.10000.22)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:12.0(1.10000.10)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:11.5(1.10000.6)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2.10000.5)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:12.5

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:12.0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2)

Trust: 0.3

sources: BID: 109040 // JVNDB: JVNDB-2019-006126 // NVD: CVE-2019-1887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1887
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1887
value: HIGH

Trust: 1.0

NVD: CVE-2019-1887
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-229
value: HIGH

Trust: 0.6

VULHUB: VHN-151259
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151259
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1887
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1887
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-151259 // JVNDB: JVNDB-2019-006126 // CNNVD: CNNVD-201907-229 // NVD: CVE-2019-1887 // NVD: CVE-2019-1887

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-151259 // JVNDB: JVNDB-2019-006126 // NVD: CVE-2019-1887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-229

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-229

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006126

PATCH
title:cisco-sa-20190703-cucm-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos
Trust: 0.8
title:Cisco Unified Communications Manager Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94418
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006126 // 
            
            
            
            CNNVD: CNNVD-201907-229

EXTERNAL IDS
db:NVDid:CVE-2019-1887
Trust: 2.8
db:BIDid:109040
Trust: 1.0
db:JVNDBid:JVNDB-2019-006126
Trust: 0.8
db:CNNVDid:CNNVD-201907-229
Trust: 0.7
db:AUSCERTid:ESB-2019.2449
Trust: 0.6
db:VULHUBid:VHN-151259
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151259 // 
            
            
            
            BID: 109040 // 
            
            
            
            JVNDB: JVNDB-2019-006126 // 
            
            
            
            CNNVD: CNNVD-201907-229 // 
            
            
            
            NVD: CVE-2019-1887

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-cucm-dos
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1887
Trust: 1.4
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1887
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2449/
Trust: 0.6
url:https://www.securityfocus.com/bid/109040
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-sip-29686
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-151259 // 
            
            
            
            BID: 109040 // 
            
            
            
            JVNDB: JVNDB-2019-006126 // 
            
            
            
            CNNVD: CNNVD-201907-229 // 
            
            
            
            NVD: CVE-2019-1887

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 109040 // 
            
            
            
            CNNVD: CNNVD-201907-229

SOURCES
db:VULHUBid:VHN-151259
db:BIDid:109040
db:JVNDBid:JVNDB-2019-006126
db:CNNVDid:CNNVD-201907-229
db:NVDid:CVE-2019-1887

LAST UPDATE DATE
2024-08-14T14:04:20.596000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151259date:2019-10-09T00:00:00
db:BIDid:109040date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2019-006126date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201907-229date:2019-07-10T00:00:00
db:NVDid:CVE-2019-1887date:2019-10-09T23:48:26.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-151259date:2019-07-06T00:00:00
db:BIDid:109040date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2019-006126date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201907-229date:2019-07-03T00:00:00
db:NVDid:CVE-2019-1887date:2019-07-06T02:15:11.090