PT-2019-2653 · Cisco · Cisco Ip Phone

Published

2019-07-03

Updated

2019-10-09

CVE-2019-1922

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series (affected versions not specified)

Description The issue is related to insufficient validation of input Session Initiation Protocol (SIP) packets, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. An attacker could exploit this by altering the SIP replies sent to the phone during the registration process, potentially causing the phone to reboot and not complete the registration process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2019-02539

CVE-2019-1922

Affected Products

Cisco Ip Phone

PT-2019-2653 · Cisco · Cisco Ip Phone

CVE-2019-1922

Weakness Enumeration

Related Identifiers

Affected Products

References · 6