Strix
26.1K

CVE-2019-1683

HIGHCVSS 7.4/10EPSS 0.87%

Last modified

CVE-2019-1683 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. EPSS estimates a 0.87% chance of exploitation in the next 30 days.

Description

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

Metrics

CVSS 3.1
7.4/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.87%

54.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoSpa112 Firmware1.4.2
CiscoSpa525 Firmware7.6.2
CiscoSpa5x5 Firmware7.6.2
CiscoSpa500 Firmware1.4.2
CiscoSpa500s Firmware1.4.2
CiscoSpa500ds Firmware1.4.2
CiscoSpa501g Firmware1.4.2
CiscoSpa502g Firmware1.4.2
CiscoSpa504g Firmware1.4.2
CiscoSpa508g Firmware1.4.2
CiscoSpa509g Firmware1.4.2
CiscoSpa512g Firmware1.4.2
CiscoSpa514g Firmware1.4.2
CiscoSpa525g Firmware1.4.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-1683?
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
How severe is CVE-2019-1683?
CVE-2019-1683 has a CVSS score of 7.4/10 (HIGH severity). The EPSS model estimates a 0.87% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1683?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1683?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST