Cisco Patches High Severity Vulnerabilities in IP Phones

Cisco this week released security patches to address high severity vulnerabilities in its IP Phone 8800 Series and IP Phone 7800 Series. 

A total of five vulnerabilities were addressed, all impacting the web-based management interface of Session Initiation Protocol (SIP) Software of IP Phone 8800 Series. 

Tracked as CVE-2019-1765, the first vulnerability is a path traversal that could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The issue is created due to insufficient input validation and file-level permissions and can be exploited by uploading invalid files to an affected device.

The second issue, CVE-2019-1766, could be exploited by an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The bug resides in the affected software not restricting the maximum size of certain files that can be written to disk. 

“An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition,” Cisco explains. 

An authorization bypass (CVE-2019-1763) could be exploited to access critical services and cause a denial of service (DoS) condition. The vulnerability is caused by a failure to sanitize URLs before handling requests and can be triggered by submitting a crafted URL. 

The SIP software is also impacted by a Cross-Site Request Forgery (CVE-2019-1764) flaw, due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker can exploit the bug by tricking the user into following a crafted link. They can then perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

The fifth bug is a remote code execution vulnerability (CVE-2019-1716) impacting both IP Phone 7800 Series and IP Phone 8800 Series and caused by improper validation of user-supplied input during user authentication. 

“An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user,” Cisco explains. 

Earlier this week, the company patched vulnerabilities in the Nexus 9000 Series ACI Mode Switch Software (a shell escape – CVE-2019-1591) and NX-OS Software (unauthorized filesystem access – CVE-2019-1601; denial of service – CVE-2019-1616; improper verification of digital signatures for software images – CVE-2019-1615; and command injection – CVE-2019-1613). 

Related: Default Account in Cisco CSPC Allows Unauthorized Access

Related: Cisco Patches Critical Vulnerability in Wireless Routers