CVE-2019-1922

MEDIUM

Cisco IP Phone 7800 and 8800 Series - Denial of Service via SIP Packet Input Validation

Title source: llm
STIX 2.1

Description

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

References (1)

Core 1

Scores

CVSS v3 5.3
EPSS 0.0132
EPSS Percentile 67.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (19)
cisco/ip_conference_phone_7832_firmware
cisco/ip_conference_phone_8832_firmware 11.5\(1\)
cisco/ip_conference_phone_8832_firmware 12.5\(1\)
cisco/ip_phone_7811_firmware
cisco/ip_phone_7821_firmware
cisco/ip_phone_7841_firmware
cisco/ip_phone_7861_firmware
cisco/ip_phone_8811_firmware 11.5\(1\)
cisco/ip_phone_8811_firmware 12.5\(1\)
cisco/ip_phone_8841_firmware 11.5\(1\)
... and 9 more
Published Jul 06, 2019
Tracked Since Feb 18, 2026