CVE-2019-1683 - Vulnerability Details

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00167.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Small Business SPA500 Series IP Phones

affected

Version	Status	Constraints
`1.4.2`	affected	—

Cisco

Cisco Small Business SPA112 Series IP Phones

affected

Version	Status	Constraints
`1.4.2`	affected	—

Cisco

Cisco Small Business SPA525 Series IP Phones

affected

Version	Status	Constraints
`7.6.2`	affected	—

Cisco

Cisco Small Business SPA5X5 Series IP Phones

affected

Version	Status	Constraints
`7.6.2`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:cisco:spa112_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:spa525_firmware:7.6.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:spa5x5_firmware:7.6.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa5x5:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:spa500_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:o:cisco:spa500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:spa500s_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:spa500ds_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:spa501g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:spa502g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:spa504g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cisco:spa508g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:spa509g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cisco:spa512g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:cisco:spa514g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cisco:spa525g_firmware:1.4.2:*:*:*:*:*:*:*

cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	Spa112 Subscribe Spa112 Firmware Subscribe Spa500 Subscribe Spa500 Firmware Subscribe Spa500ds Subscribe Spa500ds Firmware Subscribe Spa500s Subscribe Spa500s Firmware Subscribe Spa501g Subscribe Spa501g Firmware Subscribe Spa502g Subscribe Spa502g Firmware Subscribe Spa504g Subscribe Spa504g Firmware Subscribe Spa508g Subscribe Spa508g Firmware Subscribe Spa509g Subscribe Spa509g Firmware Subscribe Spa512g Subscribe Spa512g Firmware Subscribe Spa514g Subscribe Spa514g Firmware Subscribe Spa525 Subscribe Spa525 Firmware Subscribe Spa525g Subscribe Spa525g Firmware Subscribe Spa5x5 Subscribe Spa5x5 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-10240	A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/107111
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs

History

Thu, 21 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-02-25T17:00:00Z

Updated: 2024-11-21T19:44:31.986Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1683

Vulnrichment

Updated: 2024-08-04T18:28:42.555Z

NVD

Status : Modified

Published: 2019-02-25T17:29:00.280

Modified: 2024-11-21T04:37:05.440

Link: CVE-2019-1683

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-295

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object