A vulnerability was found in Cisco IP Phone 7800 and IP Phone 8800 (IP Phone Software) (affected version not known) and classified as problematic. Affected by this issue is some unknown functionality of the component Session Initiation Protocol. The manipulation as part of a SIP Packet leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. CVE summarizes:

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

The weakness was released 07/06/2019 as cisco-sa-20190703-ip-phone-sip as confirmed advisory (Website). The advisory is available at tools.cisco.com. This vulnerability is handled as CVE-2019-1922 since 12/06/2018. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

Productinfo

Type

• IP Phone Software

Vendor

• Cisco

Name

• IP Phone 7800
• IP Phone 8800

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion