CVE-2019-1763

CWE-284Improper Access Control4 documents4 sources
Severity
7.5HIGH
EPSS
1.1%
top 21.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco Cisco IP Conference Phone 8832 AND THE Rest OF THE IP Phone 8800 SeriesCisco Cisco Wireless IP Phone 8821 AND 8821-exCisco IP Conference Phone 8832 Firmware+3 more
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gai

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDcisco/ip_phone_8800_firmware< 12.5\(1\)sr1
CVEListV5cisco/cisco_wireless_ip_phone_8821_and_8821-exunspecified11.0(5)

🔴Vulnerability Details

2
GHSA
GHSA-p8vp-w9wf-97hp: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unau2022-05-13
CVEList
Cisco IP Phone 8800 Series Authorization Bypass Vulnerability2019-03-22

📋Vendor Advisories

1
Cisco
Cisco IP Phone 8800 Series Authorization Bypass Vulnerability2019-03-20