CVE-2019-1716

CWE-20Improper Input Validation5 documents5 sources
Severity
9.8CRITICAL
EPSS
7.3%
top 8.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Cisco Cisco IP Phone 7800 Series AND 8800 SeriesCisco Cisco Unified IP Conference Phone 8831Cisco Cisco Wireless IP Phone 8821 AND 8821-ex+5 more
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplyi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

CVEListV5cisco/cisco_ip_phone_7800_series_and_8800_seriesunspecified12.5(1)SR1
CVEListV5cisco/cisco_unified_ip_conference_phone_8831unspecified10.3(1)SR5
CVEListV5cisco/cisco_wireless_ip_phone_8821_and_8821-exunspecified11.0(4)SR3
NVDcisco/ip_phone_8800_firmware< 12.5\(1\)sr1

🔴Vulnerability Details

2
GHSA
GHSA-9798-53mw-wrx7: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone2022-05-13
CVEList
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability2019-03-22

💥Exploits & PoCs

1
Exploit-DB
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite2019-12-06

📋Vendor Advisories

1
Cisco
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability2019-03-20