CVE-2019-1716
published 2019-03-22CVE-2019-1716: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800…
PriorityP264critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.11%
86.1th percentile
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ip_phone_7800_series_and_8800_series | >= unspecified < 12.5(1)SR1 | 12.5(1)SR1 |
| cisco | cisco_unified_ip_conference_phone_8831 | >= unspecified < 10.3(1)SR5 | 10.3(1)SR5 |
| cisco | cisco_wireless_ip_phone_8821_and_8821-ex | >= unspecified < 11.0(4)SR3 | 11.0(4)SR3 |
| cisco | ip_conference_phone_7800_firmware | < 12.5\(1\)sr1 | 12.5\(1\)sr1 |
| cisco | ip_phone_7800_series_and_8800_series | — | — |
| cisco | ip_phone_8800_firmware | < 12.5\(1\)sr1 | 12.5\(1\)sr1 |
| cisco | ip_phone_8821-ex_firmware | < 11.0\(4\)sr3 | 11.0\(4\)sr3 |
| cisco | ip_phone_8821_firmware | < 11.0\(4\)sr3 | 11.0\(4\)sr3 |
| cisco | unified_ip_conferenece_phone_8831_firmware | < 10.3\(1\)sr5 | 10.3\(1\)sr5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is unauthenticated HTTP connection to the web-based management interface supplying malicious user credentials during authentication ↗
- →Successful exploitation executes arbitrary code as the 'app' user on the device, which can be used as a privilege indicator in forensic analysis ↗
- →Target the web-based management interface of SIP Software on Cisco IP Phone 7800 and 8800 Series; monitor for unexpected HTTP authentication attempts or device reloads on these endpoints ↗
- ·Vulnerability is fixed in SIP Software 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; devices running earlier versions are vulnerable ↗
- ·Vulnerability is fixed in SIP Software 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; devices running earlier versions are vulnerable ↗
- ·Vulnerability is fixed in SIP Software 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series; devices running earlier versions are vulnerable ↗
- ·There are no workarounds available for this vulnerability ↗
- ·Cisco Bug IDs associated with this vulnerability are CSCvn56168, CSCvn72540, and CSCvo05687; useful for cross-referencing vendor advisories and patch tracking ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9798-53mw-wrx7: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone
ghsa_unreviewed·2022-05-13
CVE-2019-1716 [CRITICAL] CWE-20 GHSA-9798-53mw-wrx7: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 an
Cisco
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
vendor_cisco·2019-03-20·CVSS 7.5
CVE-2019-1716 [HIGH] CWE-20 Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.
The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user.
Cisc
Cisco
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-1716 Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
CVE-2019-1716: Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the
No detection rules found.
No writeups or analysis indexed.
2019-03-22
Published