admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release/20190313-1700'

Browse Source
This commit is contained in:
CVE Team 2019-03-13 17:39:49 -04:00
commit 83218c48f7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 172 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2018/0xxx/CVE-2018-0389.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-13T16:00:00-0700",
"ID": "CVE-2018-0389",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business SPA500 Series IP Phones ",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.6.2SR2"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-13T16:00:00-0700",
"ID" : "CVE-2018-0389",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Small Business SPA500 Series IP Phones ",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.6.2SR2"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.5",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190313 Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip"
}
]
},
"source": {
"advisory": "cisco-sa-20190313-sip",
"defect": [
[
"CSCvc63989"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190313 Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190313-sip",
"defect" : [
[
"CSCvc63989"
]
],
"discovery" : "INTERNAL"
}
}

177
2019/1xxx/CVE-2019-1723.json
View File

@ -1,92 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-13T16:00:00-0700",
"ID": "CVE-2019-1723",
"STATE": "PUBLIC",
"TITLE": "Cisco Common Services Platform Collector Static Credential Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Common Services Platform Collector Software ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.7.4.6"
},
{
"affected": "<",
"version_value": "2.8.1.2"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-13T16:00:00-0700",
"ID" : "CVE-2019-1723",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Common Services Platform Collector Static Credential Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Common Services Platform Collector Software ",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.7.4.6"
},
{
"affected" : "<",
"version_value" : "2.8.1.2"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "9.8",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190313 Cisco Common Services Platform Collector Static Credential Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv"
}
]
},
"source": {
"advisory": "cisco-sa-20190313-cspcscv",
"defect": [
[
"CSCvo38510"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190313 Cisco Common Services Platform Collector Static Credential Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190313-cspcscv",
"defect" : [
[
"CSCvo38510"
]
],
"discovery" : "INTERNAL"
}
}