Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability
CVE-2019-1922

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Ip Phone 8800 Series Software
Vendor: CVE Published:; 6 July 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

Affected Version(s)

Cisco IP Phone 8800 Series Software < 12.0(1)MN130

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jul 6, 2019
Vulnerability Reserved
Dec 6, 2018