CVE-2019-1765

CWE-22Path Traversal11 documents6 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 67.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco Cisco IP Conference Phone 8832 AND THE Rest OF THE IP Phone 8800 SeriesCisco Cisco Wireless IP Phone 8821 AND 8821-exCisco IP Conference Phone 8832 Firmware+3 more
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesys

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages6 packages

NVDcisco/ip_phone_8800_firmware< 12.5\(1\)sr1
CVEListV5cisco/cisco_wireless_ip_phone_8821_and_8821-exunspecified11.0(5)

🔴Vulnerability Details

2
GHSA
GHSA-2473-cf85-p25m: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an auth2022-05-13
CVEList
Cisco IP Phone 8800 Series Path Traversal Vulnerability2019-03-22

📋Vendor Advisories

1
Cisco
Cisco IP Phone 8800 Series Path Traversal Vulnerability2019-03-20

💬Community

7
HackerOne
Docker image with FPM is vulnerable to CVE-2019-110432020-03-14
Bugzilla
CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function2019-08-07
Bugzilla
CVE-2019-11717 Mozilla: Caret character improperly escaped in origins2019-07-10
Bugzilla
CVE-2019-11713 Mozilla: Use-after-free with HTTP/2 cached stream2019-07-10
Bugzilla
CVE-2019-9811 Mozilla: Sandbox escape via installation of malicious language pack2019-07-10