ID

VAR-201910-0974


CVE

CVE-2019-15258


TITLE

Cisco SPA100 Series Analog Telephone Adapters Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010955

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery. The Cisco SPA100 Series is an analog phone adapter from Cisco that allows your standard analog phone to access Internet phone services through the RJ-11 phone port.

Trust: 2.16

sources: NVD: CVE-2019-15258 // JVNDB: JVNDB-2019-010955 // CNVD: CNVD-2019-36892

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36892

AFFECTED PRODUCTS

vendor: cisco, model: spa112, scope: eq, version: 1.4.1

Trust: 1.6

vendor: cisco, model: spa122, scope: eq, version: 1.4.1

Trust: 1.6

vendor: cisco, model: spa112, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa122, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa 112, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa 122, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa100 series sr3, scope: lte, version: <=1.4.1

Trust: 0.6

vendor: cisco, model: spa112, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: spa122, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-36892 // JVNDB: JVNDB-2019-010955 // CNNVD: CNNVD-201910-1097 // NVD: CVE-2019-15258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15258
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15258
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15258
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36892
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1097
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15258
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36892
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2019-15258
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15258
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-36892 // JVNDB: JVNDB-2019-010955 // CNNVD: CNNVD-201910-1097 // NVD: CVE-2019-15258 // NVD: CVE-2019-15258

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.0

problemtype: CWE-476

Trust: 1.0

problemtype: CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-010955 // NVD: CVE-2019-15258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1097

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1097

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010955

PATCH

title: cisco-sa-20191016-spa-webui-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos

Trust: 0.8

title: Patch for Cisco SPA100 Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/186433

Trust: 0.6

sources: CNVD: CNVD-2019-36892 // JVNDB: JVNDB-2019-010955

EXTERNAL IDS

db: NVD, id: CVE-2019-15258

Trust: 3.0

db: TENABLE, id: TRA-2019-44

Trust: 1.6

db: JVNDB, id: JVNDB-2019-010955

Trust: 0.8

db: CNVD, id: CNVD-2019-36892

Trust: 0.6

db: AUSCERT, id: ESB-2019.3878

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1097

Trust: 0.6

sources: CNVD: CNVD-2019-36892 // JVNDB: JVNDB-2019-010955 // CNNVD: CNNVD-201910-1097 // NVD: CVE-2019-15258

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-webui-dos

Trust: 2.2

url:https://www.tenable.com/security/research/tra-2019-44

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-15258

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15258

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3878/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-spa100-series-ata-denial-of-service-via-web-based-management-interface-30656

Trust: 0.6

sources: CNVD: CNVD-2019-36892 // JVNDB: JVNDB-2019-010955 // CNNVD: CNNVD-201910-1097 // NVD: CVE-2019-15258

CREDITS

Andrew Orr and Alex Weber of Tenable Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1097

SOURCES

db: CNVD, id: CNVD-2019-36892
db: JVNDB, id: JVNDB-2019-010955
db: CNNVD, id: CNNVD-201910-1097
db: NVD, id: CVE-2019-15258

LAST UPDATE DATE

2024-11-23T21:51:52.727000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36892, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2019-010955, date: 2019-10-25T00:00:00
db: CNNVD, id: CNNVD-201910-1097, date: 2019-10-28T00:00:00
db: NVD, id: CVE-2019-15258, date: 2024-11-21T04:28:18.680

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36892, date: 2019-10-23T00:00:00
db: JVNDB, id: JVNDB-2019-010955, date: 2019-10-25T00:00:00
db: CNNVD, id: CNNVD-201910-1097, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15258, date: 2019-10-16T19:15:13.630