cnvd - cnvd-2019-04936

CNVD-2019-04936

Vulnerability from cnvd - Published: 2019-02-22

Title

Cisco SPA112、SPA525和SPA5X5 Series证书验证漏洞

Description

Cisco SPA112 Series等都是美国思科（Cisco）公司的产品。Cisco SPA112 Series是一款SPA112系列IP电话。SPA525 Series是一款SPA525系列IP电话。SPA5X5 Series是一款SPA5X5系列IP电话。 Cisco SPA112、SPA525和SPA5X5 Series中的证书处理组件存在安证书验证漏洞，该漏洞源于程序未能正确验证服务器证书，远程攻击者可通过构建恶意的服务器证书利用该漏洞监听或控制部分被安全传输层协议（TLS）加密的会话初始协议（SIP）通话。

Severity

中

Patch Name

Cisco SPA112、SPA525和SPA5X5 Series证书验证漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs

Impacted products

Name
['Cisco SPA5X5 Series', 'Cisco SPA112', 'Cisco SPA525']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1683"
    }
  },
  "description": "Cisco SPA112 Series\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco SPA112 Series\u662f\u4e00\u6b3eSPA112\u7cfb\u5217IP\u7535\u8bdd\u3002SPA525 Series\u662f\u4e00\u6b3eSPA525\u7cfb\u5217IP\u7535\u8bdd\u3002SPA5X5 Series\u662f\u4e00\u6b3eSPA5X5\u7cfb\u5217IP\u7535\u8bdd\u3002\n\nCisco SPA112\u3001SPA525\u548cSPA5X5 Series\u4e2d\u7684\u8bc1\u4e66\u5904\u7406\u7ec4\u4ef6\u5b58\u5728\u5b89\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6784\u5efa\u6076\u610f\u7684\u670d\u52a1\u5668\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u76d1\u542c\u6216\u63a7\u5236\u90e8\u5206\u88ab\u5b89\u5168\u4f20\u8f93\u5c42\u534f\u8bae\uff08TLS\uff09\u52a0\u5bc6\u7684\u4f1a\u8bdd\u521d\u59cb\u534f\u8bae\uff08SIP\uff09\u901a\u8bdd\u3002",
  "discovererName": "Jan Dubov\u00fd",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-04936",
  "openTime": "2019-02-22",
  "patchDescription": "Cisco SPA112 Series\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco SPA112 Series\u662f\u4e00\u6b3eSPA112\u7cfb\u5217IP\u7535\u8bdd\u3002SPA525 Series\u662f\u4e00\u6b3eSPA525\u7cfb\u5217IP\u7535\u8bdd\u3002SPA5X5 Series\u662f\u4e00\u6b3eSPA5X5\u7cfb\u5217IP\u7535\u8bdd\u3002\r\n\r\nCisco SPA112\u3001SPA525\u548cSPA5X5 Series\u4e2d\u7684\u8bc1\u4e66\u5904\u7406\u7ec4\u4ef6\u5b58\u5728\u5b89\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6784\u5efa\u6076\u610f\u7684\u670d\u52a1\u5668\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u76d1\u542c\u6216\u63a7\u5236\u90e8\u5206\u88ab\u5b89\u5168\u4f20\u8f93\u5c42\u534f\u8bae\uff08TLS\uff09\u52a0\u5bc6\u7684\u4f1a\u8bdd\u521d\u59cb\u534f\u8bae\uff08SIP\uff09\u901a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco SPA112\u3001SPA525\u548cSPA5X5 Series\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco SPA5X5 Series",
      "Cisco SPA112",
      "Cisco SPA525"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-22",
  "title": "Cisco SPA112\u3001SPA525\u548cSPA5X5 Series\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2019-1683 (GCVE-0-2019-1683)

Vulnerability from cvelistv5 – Published: 2019-02-25 17:00 – Updated: 2024-11-21 19:44

Title

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

Summary

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-295

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/107111	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Cisco

Cisco Small Business SPA500 Series IP Phones

Affected: 1.4.2

Cisco	Cisco Small Business SPA112 Series IP Phones	Affected: 1.4.2
Cisco	Cisco Small Business SPA525 Series IP Phones	Affected: 7.6.2
Cisco	Cisco Small Business SPA5X5 Series IP Phones	Affected: 7.6.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
          },
          {
            "name": "107111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107111"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:23.263210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:44:31.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Small Business SPA500 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA112 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA525 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA5X5 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.2"
            }
          ]
        }
      ],
      "datePublic": "2019-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-26T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
        },
        {
          "name": "107111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107111"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190220-ipphone-certs",
        "defect": [
          [
            "CSCvm49157",
            "CSCvn17125",
            "CSCvn17128"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
          "ID": "CVE-2019-1683",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Small Business SPA500 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA112 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA525 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190220-ipphone-certs",
          "defect": [
            [
              "CSCvm49157",
              "CSCvn17125",
              "CSCvn17128"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1683",
    "datePublished": "2019-02-25T17:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:44:31.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-04936

CVE-2019-1683 (GCVE-0-2019-1683)

Tags

Sightings

Nomenclature