Cisco released security patches this week to address high-level vulnerabilities in the IP Phone 8800 series and IP Phone 7800 series.
A total of five vulnerabilities have been addressed, all affecting the IP Phone 8800 Series web-based management interface’s Session Initiation Protocol (SIP) software. The first vulnerability is tracked as CVE-2019-1765 and is the cross-path that enables a remote authenticated attacker to write arbitrary files on the file system.
The problem is created due to insufficient validation of permissions for inputs and files levels and can be exploited by uploading invalid files to the affected device.
The second problem, CVE-2019-1766, can be exploited by a remote attacker that is not authenticated and causes high disk usage, resulting in service denial (DoS). The bug does not limit the maximum size of certain files that can be written in the affected software on a disk. “This vulnerability could be exploited by an attacker with valid administrator credentials for the affected system if a remote connection request was sent to the affected system.
A successful exploit could allow the attached to type a file that uses most of the disk space available on this system, leading to an abnormal operation of the application functions and a DoS condition,” Cisco explains. Authorization bypass (CVE-2019-1763) could be used to access critical services and result in a Denial of Service (DoS) condition.
This vulnerability is caused by a lack of sanitizing URLs before the requests are processed and may be triggered by a custom URL. A Cross-Site Request Forgery (CVE-2019-1764) also affects the SIP software, as there are not enough CSRF protections for the web-based management interface of an affected device.
An attacker may exploit the bug by tricking the user to a fabricated link. They can then perform arbitrary actions on a targeted device with the user’s privileges. Fifth bug is vulnerability in remote code execution (CVE-2019-1716), affecting both IP Phone 7800 and IP Phone 8800 series, and caused by unsuitable user-supplied validation of user authentication data.
“An attacker may exploit this problem by connecting to HTTP and providing malicious user credentials to an affected device. A successful exploit could allow an attacker to reload the affected device, cause a DoS condition, or use the user’s privilege to execute arbitrary code,” Cisco explains.
The company had patched vulnerabilities earlier this week in the Nexus 9000 Series ACI Mode switch software (CVE-2019-1591 shell escape) and NX-OS software (CVE-2019-1601 unauthorized filesystem access; denial of service (CVE-2019-161615), improper digital signature checks on software pictures-CVE-2019-1615; and command injection-CVE-2019-1613).