CVE-2019-1922

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

Published : 2019-07-06 02:15 Updated : 2019-10-09 23:48

7.8
CVSS Score More info
Score 7.8 / 10
7.8
Vendor Product Version URI
Cisco Ip Conference Phone 7832 Firmware - cpe:/o:cisco:ip_conference_phone_7832_firmware:-
Cisco Ip Conference Phone 8832 Firmware 11.5%281%29 cpe:/o:cisco:ip_conference_phone_8832_firmware:11.5%281%29
Cisco Ip Conference Phone 8832 Firmware 12.5%281%29 cpe:/o:cisco:ip_conference_phone_8832_firmware:12.5%281%29
Cisco Ip Phone 7811 Firmware - cpe:/o:cisco:ip_phone_7811_firmware:-
Cisco Ip Phone 7821 Firmware - cpe:/o:cisco:ip_phone_7821_firmware:-
Cisco Ip Phone 7841 Firmware - cpe:/o:cisco:ip_phone_7841_firmware:-
Cisco Ip Phone 7861 Firmware - cpe:/o:cisco:ip_phone_7861_firmware:-
Cisco Ip Phone 8811 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8811_firmware:11.5%281%29
Cisco Ip Phone 8811 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8811_firmware:12.5%281%29
Cisco Ip Phone 8841 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8841_firmware:11.5%281%29
Cisco Ip Phone 8841 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8841_firmware:12.5%281%29
Cisco Ip Phone 8845 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8845_firmware:11.5%281%29
Cisco Ip Phone 8845 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8845_firmware:12.5%281%29
Cisco Ip Phone 8851 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8851_firmware:11.5%281%29
Cisco Ip Phone 8851 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8851_firmware:12.5%281%29
Cisco Ip Phone 8861 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8861_firmware:11.5%281%29
Cisco Ip Phone 8861 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8861_firmware:12.5%281%29
Cisco Ip Phone 8865 Firmware 11.5%281%29 cpe:/o:cisco:ip_phone_8865_firmware:11.5%281%29
Cisco Ip Phone 8865 Firmware 12.5%281%29 cpe:/o:cisco:ip_phone_8865_firmware:12.5%281%29
  1. Cisco (12) Search CVE
    1. Ip Phone 7841 Firmware (1) Search CVE
      1. -
    2. Ip Phone 7821 Firmware (1) Search CVE
      1. -
    3. Ip Phone 7811 Firmware (1) Search CVE
      1. -
    4. Ip Phone 8845 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    5. Ip Phone 8841 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    6. Ip Phone 7861 Firmware (1) Search CVE
      1. -
    7. Ip Conference Phone 7832 Firmware (1) Search CVE
      1. -
    8. Ip Phone 8861 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    9. Ip Phone 8851 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    10. Ip Phone 8865 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    11. Ip Conference Phone 8832 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29
    12. Ip Phone 8811 Firmware (2) Search CVE
      1. 11.5%281%29
      2. 12.5%281%29

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2019-07-17 14:57
2019-07-06 02:15

New CVE