==================================================================== CERT-Renater Note d'Information No. 2019/VULN069 _____________________________________________________________________ DATE : 20/03/2019 HARDWARE PLATFORM(S): Cisco IP Phone 8800 Series, Cisco IP Phone 7800 Series. OPERATING SYSTEM(S): Cisco SIP software. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce _____________________________________________________________________ 1) Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability CVE-2019-1764 SIR: High CVSS Score v(3.0): 8.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf"] +-------------------------------------------------------------------- 2) Cisco IP Phone 8800 Series Path Traversal Vulnerability CVE-2019-1765 SIR: High CVSS Score v(3.0): 8.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv"] +-------------------------------------------------------------------- 3) Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability CVE-2019-1766 SIR: High CVSS Score v(3.0): 7.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos"] +-------------------------------------------------------------------- 4) Cisco IP Phone 8800 Series Authorization Bypass Vulnerability CVE-2019-1763 SIR: High CVSS Score v(3.0): 7.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab"] +-------------------------------------------------------------------- 5) Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability CVE-2019-1716 SIR: High CVSS Score v(3.0): 7.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================