cbcvebase.
CVE-2019-1716
published 2019-03-22

CVE-2019-1716: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800…

PriorityP264critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.11%
86.1th percentile
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.

Affected

9 ranges
VendorProductVersion rangeFixed in
ciscocisco_ip_phone_7800_series_and_8800_series>= unspecified < 12.5(1)SR112.5(1)SR1
ciscocisco_unified_ip_conference_phone_8831>= unspecified < 10.3(1)SR510.3(1)SR5
ciscocisco_wireless_ip_phone_8821_and_8821-ex>= unspecified < 11.0(4)SR311.0(4)SR3
ciscoip_conference_phone_7800_firmware< 12.5\(1\)sr112.5\(1\)sr1
ciscoip_phone_7800_series_and_8800_series
ciscoip_phone_8800_firmware< 12.5\(1\)sr112.5\(1\)sr1
ciscoip_phone_8821-ex_firmware< 11.0\(4\)sr311.0\(4\)sr3
ciscoip_phone_8821_firmware< 11.0\(4\)sr311.0\(4\)sr3
ciscounified_ip_conferenece_phone_8831_firmware< 10.3\(1\)sr510.3\(1\)sr5

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is unauthenticated HTTP connection to the web-based management interface supplying malicious user credentials during authentication
  • Successful exploitation executes arbitrary code as the 'app' user on the device, which can be used as a privilege indicator in forensic analysis
  • Target the web-based management interface of SIP Software on Cisco IP Phone 7800 and 8800 Series; monitor for unexpected HTTP authentication attempts or device reloads on these endpoints
  • ·Vulnerability is fixed in SIP Software 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; devices running earlier versions are vulnerable
  • ·Vulnerability is fixed in SIP Software 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; devices running earlier versions are vulnerable
  • ·Vulnerability is fixed in SIP Software 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series; devices running earlier versions are vulnerable
  • ·There are no workarounds available for this vulnerability
  • ·Cisco Bug IDs associated with this vulnerability are CSCvn56168, CSCvn72540, and CSCvo05687; useful for cross-referencing vendor advisories and patch tracking

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.