CVE-2019-1684 — MEDIUM (6.5)

Q: How severe is CVE-2019-1684?

CVE-2019-1684 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1684?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8800 Firmware, Cisco Ip Phone 8800, Cisco Ip Phone 7800 Firmware, Cisco Ip Phone 7800, Cisco Ip Conference Phone 7832 Firmware.

Vulnerability Description

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ip Phone 8800 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 8800	-
Cisco	Ip Phone 7800 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 7800	-
Cisco	Ip Conference Phone 7832 Firmware	< 12.6\(1\)mn80
Cisco	Ip Conference Phone 7832	-
Cisco	Ip Conference Phone 8832 Firmware	< 12.6\(1\)mn80
Cisco	Ip Conference Phone 8832	-
Cisco	Ip Phone 7811 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 7811	-
Cisco	Ip Phone 7821 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 7821	-
Cisco	Ip Phone 7841 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 7841	-
Cisco	Ip Phone 7861 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 7861	-
Cisco	Ip Phone 8811 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 8811	-
Cisco	Ip Phone 8841 Firmware	< 12.6\(1\)mn80
Cisco	Ip Phone 8841	-

Related Weaknesses (CWE)

CWE-119 CWE-399

References

http://www.securityfocus.com/bid/107104Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/107104Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1684?

CVE-2019-1684 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to ...

How severe is CVE-2019-1684?

CVE-2019-1684 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1684?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8800 Firmware, Cisco Ip Phone 8800, Cisco Ip Phone 7800 Firmware, Cisco Ip Phone 7800, Cisco Ip Conference Phone 7832 Firmware.