CVE-2019-1766Improper Input Validation in Cisco IP Phone 8800 Series Software

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 20.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IP Phone 8800 Series SoftwareCisco IP Phone 8800 Firmware
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerabi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ip_phone_8800_series_softwareunspecified12.5(1)SR1
NVDcisco/ip_phone_8800_firmware< 12.5\(1\)sr1

🔴Vulnerability Details

2
GHSA
GHSA-29px-fxx4-vhvc: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unau2022-05-13
CVEList
Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability2019-03-22

📋Vendor Advisories

1
Cisco
Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability2019-03-20
CVE-2019-1766 — Improper Input Validation in Cisco | cvebase