Details of VAR-201907-0863

ID

VAR-201907-0863

CVE

CVE-2019-1923

TITLE

Cisco Small Business SPA500 series IP Phone Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006933

DESCRIPTION

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior. This issue is being tracked by Cisco Bug ID CSCvp40762 and CSCvp40765

Trust: 1.98

sources: NVD: CVE-2019-1923 // JVNDB: JVNDB-2019-006933 // BID: 109294 // VULHUB: VHN-151655

AFFECTED PRODUCTS

vendor:	cisco	model:	spa501g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa508g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa500s	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa514g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa504g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa525g2	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa509g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa512g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa500ds	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa502g	scope:	lte	version:	7.6.2sr5	Trust: 1.0
vendor:	cisco	model:	spa 500ds	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 500s	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 501g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 502g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 504g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 508g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 509g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 512g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 514g	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	spa 525g2	scope:	lte	version:	7.6.2sr5	Trust: 0.8
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.8	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.6	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.6.2sr5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.5.2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.9c	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.9a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.4.8a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.4	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 109294 // JVNDB: JVNDB-2019-006933 // NVD: CVE-2019-1923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1923
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1923
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1923
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-1011
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151655
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1923
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151655
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1923
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1923
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-151655 // JVNDB: JVNDB-2019-006933 // CNNVD: CNNVD-201907-1011 // NVD: CVE-2019-1923 // NVD: CVE-2019-1923

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-151655 // JVNDB: JVNDB-2019-006933 // NVD: CVE-2019-1923

THREAT TYPE

local

Trust: 0.9

sources: BID: 109294 // CNNVD: CNNVD-201907-1011

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 109294 // CNNVD: CNNVD-201907-1011

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006933

PATCH

title:

cisco-sa-20190717-spa500-command

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command

Trust: 0.8

sources: JVNDB: JVNDB-2019-006933

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1923	Trust: 2.8
db:	BID	id:	109294	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-006933	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1011	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2680	Trust: 0.6
db:	VULHUB	id:	VHN-151655	Trust: 0.1

sources: VULHUB: VHN-151655 // BID: 109294 // JVNDB: JVNDB-2019-006933 // CNNVD: CNNVD-201907-1011 // NVD: CVE-2019-1923

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190717-spa500-command	Trust: 2.0
url:	http://www.securityfocus.com/bid/109294	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1923	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1923	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2680/	Trust: 0.6

sources: VULHUB: VHN-151655 // BID: 109294 // JVNDB: JVNDB-2019-006933 // CNNVD: CNNVD-201907-1011 // NVD: CVE-2019-1923

CREDITS

Dustin Cobb of Aon???s Cyber Labs,Dustin Cobb of Aon’s Cyber Labs .

Trust: 0.6

sources: CNNVD: CNNVD-201907-1011

SOURCES

db:	VULHUB	id:	VHN-151655
db:	BID	id:	109294
db:	JVNDB	id:	JVNDB-2019-006933
db:	CNNVD	id:	CNNVD-201907-1011
db:	NVD	id:	CVE-2019-1923

LAST UPDATE DATE

2024-11-23T21:37:05.917000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151655	date:	2020-10-16T00:00:00
db:	BID	id:	109294	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-006933	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1011	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1923	date:	2024-11-21T04:37:41.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151655	date:	2019-07-17T00:00:00
db:	BID	id:	109294	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-006933	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1011	date:	2019-07-17T00:00:00
db:	NVD	id:	CVE-2019-1923	date:	2019-07-17T21:15:12.170