PT-2019-2053 · Cisco · Cisco IP Phone 8800 Series +1

Published: 2019-05-01 · Updated: 2020-10-16 · CVE-2019-1635

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone 7800 Series and 8800 Series (affected versions not specified)

Description

The issue is related to errors in resource management in the call-handling functionality of Cisco IP Phone software. It could allow a remote attacker to cause a denial of service condition by sending a specially crafted SIP packet to the vulnerable phone. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this by sending a SIP packet with a malicious XML payload, causing the phone to reload unexpectedly and resulting in a temporary denial of service condition.

Recommendations

For Cisco IP Phone 7800 Series and 8800 Series, consider restricting access to SIP packets until a patch is available. As a temporary workaround, avoid using the SIP protocol with untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2019-01798
CVE-2019-1635

Affected Products

Cisco IP Phone 7800 Series
Cisco IP Phone 8800 Series