CVE-2019-1765
Last modified
CVE-2019-1765 is a vulnerability of currently unknown severity. A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ip Phone 8821 Firmware | < 11.0\(5\) |
| Cisco | Ip Phone 8821-Ex Firmware | < 11.0\(5\) |
| Cisco | Ip Conference Phone 8832 Firmware | < 12.5\(1\)sr1 |
| Cisco | Ip Phone 8800 Firmware | < 12.5\(1\)sr1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1765?
How severe is CVE-2019-1765?
How do I fix CVE-2019-1765?
Are you affected by CVE-2019-1765?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST