CVE-2019-1716 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2019-1716?

CVE-2019-1716 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1716?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8821 Firmware, Cisco Ip Phone 8821, Cisco Ip Phone 8821-Ex Firmware, Cisco Ip Phone 8821-Ex, Cisco Ip Conference Phone 7800 Firmware.

Vulnerability Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ip Phone 8821 Firmware	< 11.0\(4\)sr3
Cisco	Ip Phone 8821	-
Cisco	Ip Phone 8821-Ex Firmware	< 11.0\(4\)sr3
Cisco	Ip Phone 8821-Ex	-
Cisco	Ip Conference Phone 7800 Firmware	< 12.5\(1\)sr1
Cisco	Ip Conference Phone 7800	-
Cisco	Ip Phone 8800 Firmware	< 12.5\(1\)sr1
Cisco	Ip Phone 8800	-
Cisco	Unified Ip Conferenece Phone 8831 Firmware	< 10.3\(1\)sr5
Cisco	Unified Ip Conferenece Phone 8831	-

Related Weaknesses (CWE)

CWE-20

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1716?

CVE-2019-1716 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote...

How severe is CVE-2019-1716?

CVE-2019-1716 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1716?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8821 Firmware, Cisco Ip Phone 8821, Cisco Ip Phone 8821-Ex Firmware, Cisco Ip Phone 8821-Ex, Cisco Ip Conference Phone 7800 Firmware.