CVE-2019-1764

CWE-352Cross-Site Request Forgery (CSRF)11 documents5 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco Cisco IP Conference Phone 8832 AND THE Rest OF THE IP Phone 8800 SeriesCisco Cisco Wireless IP Phone 8821 AND 8821-exCisco IP Conference Phone 8832 Firmware+3 more
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit c

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages6 packages

NVDcisco/ip_phone_8800_firmware< 12.5\(1\)sr1
CVEListV5cisco/cisco_wireless_ip_phone_8821_and_8821-exunspecified11.0(5)

🔴Vulnerability Details

2
GHSA
GHSA-5rh5-cr8c-qg7h: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unau2022-05-13
CVEList
Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability2019-03-22

📋Vendor Advisories

1
Cisco
Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability2019-03-20

💬Community

7
Bugzilla
CVE-2019-11717 Mozilla: Caret character improperly escaped in origins2019-07-10
Bugzilla
CVE-2019-11711 Mozilla: Script injection within domain through inner window reuse2019-07-10
Bugzilla
CVE-2019-11713 Mozilla: Use-after-free with HTTP/2 cached stream2019-07-10
Bugzilla
CVE-2019-9811 Mozilla: Sandbox escape via installation of malicious language pack2019-07-10
Bugzilla
CVE-2019-11715 Mozilla: HTML parsing error can contribute to content XSS2019-07-10