1. Home
  2. CVE Database
  3. CVE-2019-1922
MEDIUM · 5.3

CVE-2019-1922

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte...

Vulnerability Description

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIp Conference Phone 7832 Firmware-
CiscoIp Conference Phone 7832-
CiscoIp Conference Phone 8832 Firmware11.5\(1\)
CiscoIp Conference Phone 8832-
CiscoIp Phone 7811 Firmware-
CiscoIp Phone 7811-
CiscoIp Phone 7821 Firmware-
CiscoIp Phone 7821-
CiscoIp Phone 7841 Firmware-
CiscoIp Phone 7841-
CiscoIp Phone 7861 Firmware-
CiscoIp Phone 7861-
CiscoIp Phone 8811 Firmware11.5\(1\)
CiscoIp Phone 8811-
CiscoIp Phone 8841 Firmware11.5\(1\)
CiscoIp Phone 8841-
CiscoIp Phone 8845 Firmware11.5\(1\)
CiscoIp Phone 8845-
CiscoIp Phone 8851 Firmware11.5\(1\)
CiscoIp Phone 8851-

Related Weaknesses (CWE)

CWE-476

References

FAQ

What is CVE-2019-1922?

CVE-2019-1922 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte...

How severe is CVE-2019-1922?

CVE-2019-1922 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1922?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Conference Phone 7832 Firmware, Cisco Ip Conference Phone 7832, Cisco Ip Conference Phone 8832 Firmware, Cisco Ip Conference Phone 8832, Cisco Ip Phone 7811 Firmware.