What is CVE-2019-1684?

CVE-2019-1684 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under CWE-399. CVSS score: 6.5/10. Published 2019-02-21.

How severe is CVE-2019-1684?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Buffer overflow in Cisco Ip Phone 8800 Series Software

CVE-2019-1684

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexp…

EPSS: 0.006 (45.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Ip Phone 8800 Series Software — versions unspecified
Cisco Ip_conference_phone_7832
Cisco Ip_conference_phone_7832_firmware
Cisco Ip_conference_phone_8832
Cisco Ip_conference_phone_8832_firmware
Cisco Ip_phone_7800
Cisco Ip_phone_7800_firmware
Cisco Ip_phone_7811
Cisco Ip_phone_7811_firmware
Cisco Ip_phone_7821

Weakness classification (CWE)

CWE-399
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-1684?: CVE-2019-1684 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under CWE-399. CVSS score: 6.5/10. Published 2019-02-21.
How severe is CVE-2019-1684?: Medium severity. CVSS v3 base score is 6.5 out of 10.