Cisco IP Phone 8800 Series Authorization Bypass Vulnerability
CVE-2019-1763

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Wireless Ip Phone 8821 And 8821-ex
Cisco Ip Conference Phone 8832 And The Rest Of The Ip Phone 8800 Series
Vendor
CVE Published:
22 March 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.

Affected Version(s)

Cisco IP Conference Phone 8832 and the rest of the IP Phone 8800 Series < 12.5(1)SR1

Cisco Wireless IP Phone 8821 and 8821-EX < 11.0(5)

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.