var-201906-0683
Vulnerability from variot
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack. Multiple Cisco products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvn00361 and CSCvp51956. Cisco Expressway Series and the other affected products are all Cisco products. The vulnerability stems from the failure of the network system or product to properly validate input data. According to the configuration data in the record below, TelePresence VCS versions x8.1 through x12.5.2 and Unified CM IM&P version 11.5(1) are affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0683", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "telepresence video communication server", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "x8.1" }, { "model": "unified communications manager im and presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { 
"model": "telepresence video communication server", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "x12.5.2" }, { "model": "telepresence video communication server software", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "unified communications manager im and presence service", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "unified communications manager im \u0026 presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.5(1)" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x8.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x8.1" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x12.5.2" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x8.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x12.5.2" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x12.5.3" } ], "sources": [ { "db": "BID", "id": "108615" }, { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "x12.5.2", "versionStartIncluding": "x8.1", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1845" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "108615" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ], "trust": 0.9 }, "cve": "CVE-2019-1845", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": 
"CVE-2019-1845", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-150797", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-1845", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1845", "trust": 1.8, "value": "HIGH" }, { "author": "ykramarz@cisco.com", "id": "CVE-2019-1845", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-159", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-150797", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-150797" }, { "db": "JVNDB", "id": 
"JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM\u0026amp;P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack. Multiple Cisco Products are prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCvn00361, CSCvp51956. Cisco Expressway Series, etc. are all products of Cisco (Cisco). 
The vulnerability stems from the failure of the network system or product to properly validate the input data", "sources": [ { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "BID", "id": "108615" }, { "db": "VULHUB", "id": "VHN-150797" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1845", "trust": 2.8 }, { "db": "BID", "id": "108615", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2019-005276", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201906-159", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2027", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2027.2", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-150797", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-150797" }, { "db": "BID", "id": "108615" }, { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "id": "VAR-201906-0683", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-150797" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T14:00:53.227000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20190605-cucm-imp-dos", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-cucm-imp-dos" }, { "title": "Multiple Cisco Product input verification error vulnerability fixes", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93251" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-150797" }, { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/108615" }, { "trust": 2.0, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-cucm-imp-dos" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1845" }, { "trust": 0.9, "url": "http://www.cisco.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1845" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-unified-communications-manager-im-p-service-denial-of-service-via-xmpp-authentication-29475" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2027.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2027/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-150797" }, { "db": "BID", "id": "108615" }, { "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-150797" }, { "db": "BID", "id": "108615" }, { "db": "JVNDB", "id": 
"JVNDB-2019-005276" }, { "db": "NVD", "id": "CVE-2019-1845" }, { "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-05T00:00:00", "db": "VULHUB", "id": "VHN-150797" }, { "date": "2019-06-05T00:00:00", "db": "BID", "id": "108615" }, { "date": "2019-06-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "date": "2019-06-05T17:29:00.460000", "db": "NVD", "id": "CVE-2019-1845" }, { "date": "2019-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-150797" }, { "date": "2019-06-05T00:00:00", "db": "BID", "id": "108615" }, { "date": "2019-06-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005276" }, { "date": "2019-10-09T23:48:19.300000", "db": "NVD", "id": "CVE-2019-1845" }, { "date": "2019-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-159" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-159" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Cisco Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005276" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": 
[ { "db": "CNNVD", "id": "CNNVD-201906-159" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.