Vulnerabilities > CVE-2019-1887 - Out-of-bounds Write vulnerability in Cisco Unified Communications Manager

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-787
nessus
NVD
Published: 2019-07-06
Updated: 2019-10-09

Summary

A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.

Vulnerable Configurations

Part Description Count
Application
Cisco
4

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190703-CUCM-DOS.NASL
descriptionAccording to its self-reported version, Cisco Unified Communications Manager is affected by a vulnerability in the Session Initiation Protocol (SIP) protocol implementation could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen2020-06-01
modified2020-06-02
plugin id126644
published2019-07-12
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126644
titleCisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
code
#TRUSTED 44f2f1675f2219d89ff7d085fe1e9d70658109e39533b0322593e940575886e90ccacf968ae5129d8378b30651ce151d4df2153f7d727f969435cb20d04747d3feb5c37f7c913b61e693e1332831cb8a68d31e78a7df94c4bb6b78269332697834fcd7685bb6a8479166bf96ac0684ca062ae15f5aefe2aa431aab585d859a3f50a10110ff02f36799f34db22255f0e3f344a2067875877fdea0838d9180a25292c8ff20c28098de269ab645e726dc28ffd8f36c246d76ff2100d0ab750fdb64f863e3d163a7a933b6e11492c378c4d23fade12c1548991ce0cca3b2e791bf429e06d07fff78a0dfef373c742581c23c9c8dd3602c79cdd3119be08b8f12cebff51c0e11276df79ae7577170c2648c2dfb2240a65411c3ba8661e16b60b986a86f0e702c1cb5e050be96e0b1e6dcfcae5742c193130ef9a3641d4ecacaa74c3ff60a61a03621a937c74f73eef6e8dad0d1fc503bd5f0aabf320d55434f5e4ef3f03dda496d0bca8740a88ae2dd27134efa392398bc1f776d772de5c962bca776ab8533f5cf84eff3e41ddfd4584e70d43bdbb4e14e414cbf21d054b8c9a7f3c578bbc601f36889c98bfa016d77cb56749ee26b217f2cc9cf0ad7956fbd343ce6c5de4038e74aafb0ac11d73365e233e1cc5767d14be3b90b354dec102030981d76c20147126db2fddfc9884b152b1774e88e5a3c3b6abb9d6893bdec1e84d95b
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126644);
  script_version("1.6");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-1887");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvo70834");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190703-cucm-dos");

  script_name(english:"Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability");
  script_summary(english:"Checks the version of Cisco Unified Communications Manager");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Unified Communications Manager is affected by a vulnerability in the
Session Initiation Protocol (SIP) protocol implementation could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker
could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager.
A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily
disrupting service. Please see the included Cisco BIDs and Cisco Security Advisory for more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cbdacd35");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo70834");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo70834");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1887");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(787);


  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_communications_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ucm_detect.nbin");
  script_require_keys("Host/Cisco/CUCM/Version", "Host/Cisco/CUCM/Version_Display");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

product_info = cisco::get_product_info(name:"Cisco Unified Communications Manager");

vuln_ranges = [
  {'min_ver' : '0.0',  'fix_ver' : '10.5.2.17900.13'},
  {'min_ver' : '11.5', 'fix_ver' : '11.5.1.15900.18'},
  {'min_ver' : '12.0', 'fix_ver' : '12.0.1.22900.11'},
  {'min_ver' : '12.5', 'fix_ver' : '12.5.1.10000.22'}
];

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['display_version'],
  'bug_id'   , 'CSCvo70834');

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_ranges);

References