Main Vulnerability Database SB2019022208

SB2019022208 - Denial of service in Cisco IP Phone 7800 and 8800 Series

Published: February 22, 2019

Security Bulletin ID SB2019022208

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-1684)

The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An adjacent attacker can send a malicious Cisco Discovery Protocol or LLDP packet and cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos