VDB

CVE-2019-1635

CVE-2019-1635 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

EPSS 0.98% · 77.1th percentile

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.98%
77.1th percentile

Affected Products

VendorProductVersions
ciscounified_ip_8831_conference_phone_for_third-party_call_control2_firmware*, 11.0\(4\)sr2, 10.3\(1\)sr4b
ciscoip_phone_7841_firmware12.1\(1\)sr1, 11.0\(4\)sr2, 10.3\(1\)sr4b
ciscoip_phone_8811_firmware10.3\(1\)sr4b, 9.3\(4\)sr3, 11.0\(4\)sr2
CiscoCisco Wireless IP Phone 8821 and 8821-EXunspecified
ciscoip_phone_8851_firmware12.1\(1\)sr1, 9.3\(4\)sr3, 11.0\(4\)sr2
ciscoip_conference_phone_7832_firmware12.1\(1\)sr1, 11.0\(4\)sr2, 9.3\(4\)sr3
ciscounified_ip_8831_conference_phone1_firmware*, 12.1\(1\)sr1, 10.3\(1\)sr4b
ciscowireless_ip_phone_8821_firmware12.1\(1\)sr1, *, *
ciscoip_phone_8861_firmware9.3\(4\)sr3, *, 12.1\(1\)sr1
ciscoip_phone_8865_firmware9.3\(4\)sr3, 11.0\(4\)sr2, *
ciscoip_phone_7811_firmware12.1\(1\)sr1, 10.3\(1\)sr4b, 11.0\(4\)sr2
CiscoCisco IP Phone 7800 Series and 8800 Seriesunspecified
ciscoip_phone_8845_firmware12.1\(1\)sr1, *, *
ciscoip_phone_7861_firmware12.1\(1\)sr1, 11.0\(4\)sr2, 9.3\(4\)sr3
ciscowireless_ip_phone_8821-ex_firmware10.3\(1\)sr4b, 9.3\(4\)sr3, 11.0\(4\)sr2
ciscoip_phone_8841_firmware9.3\(4\)sr3, *, 12.1\(1\)sr1
ciscoip_phone_7821_firmware9.3\(4\)sr3, 12.1\(1\)sr1, 11.0\(4\)sr2
ciscoip_conference_phone_8832_firmware9.3\(4\)sr3, 10.3\(1\)sr4b, 11.0\(4\)sr2

Exploit Intelligence

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

…and 3 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›