CVE-2019-1683 - 漏洞详情

CVE-2019-1683 (CNNVD-201902-801)

MEDIUM

中文标题:

Cisco SPA112、SPA525和SPA5X5 Series 信任管理问题漏洞

英文标题:

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

CVSS分数: 6.5

发布时间: 2019-02-25 17:00:00

漏洞类型: 信任管理问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco SPA112 Series等都是美国思科（Cisco）公司的产品。Cisco SPA112 Series是一款SPA112系列IP电话。SPA525 Series是一款SPA525系列IP电话。SPA5X5 Series是一款SPA5X5系列IP电话。 Cisco SPA112、SPA525和SPA5X5 Series中的证书处理组件存在信任管理问题漏洞，该漏洞源于程序没有正确验证服务器证书。远程攻击者可通过构建恶意的服务器证书利用该漏洞监听或控制部分被安全传输层协议（TLS）加密的会话初始协议（SIP）通话。

英文描述:

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

CWE类型:

CWE-295

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Cisco	Cisco Small Business SPA500 Series IP Phones	1.4.2	-	-	`cpe:2.3:a:cisco:cisco_small_business_spa500_series_ip_phones:1.4.2:::::::*`
Cisco	Cisco Small Business SPA112 Series IP Phones	1.4.2	-	-	`cpe:2.3:a:cisco:cisco_small_business_spa112_series_ip_phones:1.4.2:::::::*`
Cisco	Cisco Small Business SPA525 Series IP Phones	7.6.2	-	-	`cpe:2.3:a:cisco:cisco_small_business_spa525_series_ip_phones:7.6.2:::::::*`
Cisco	Cisco Small Business SPA5X5 Series IP Phones	7.6.2	-	-	`cpe:2.3:a:cisco:cisco_small_business_spa5x5_series_ip_phones:7.6.2:::::::*`
cisco	spa112_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa112_firmware:1.4.2:::::::*`
cisco	spa525_firmware	7.6.2	-	-	`cpe:2.3:o:cisco:spa525_firmware:7.6.2:::::::*`
cisco	spa5x5_firmware	7.6.2	-	-	`cpe:2.3:o:cisco:spa5x5_firmware:7.6.2:::::::*`
cisco	spa500_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa500_firmware:1.4.2:::::::*`
cisco	spa500s_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa500s_firmware:1.4.2:::::::*`
cisco	spa500ds_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa500ds_firmware:1.4.2:::::::*`
cisco	spa501g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa501g_firmware:1.4.2:::::::*`
cisco	spa502g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa502g_firmware:1.4.2:::::::*`
cisco	spa504g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa504g_firmware:1.4.2:::::::*`
cisco	spa508g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa508g_firmware:1.4.2:::::::*`
cisco	spa509g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa509g_firmware:1.4.2:::::::*`
cisco	spa512g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa512g_firmware:1.4.2:::::::*`
cisco	spa514g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa514g_firmware:1.4.2:::::::*`
cisco	spa525g_firmware	1.4.2	-	-	`cpe:2.3:o:cisco:spa525g_firmware:1.4.2:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability vendor-advisory
cve.org

访问

107111 vdb-entry
cve.org

访问

CVSS评分详情

3.0 (cna)

MEDIUM

6.5

CVSS向量: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

机密性

HIGH

完整性

LOW

可用性

NONE

时间信息

发布时间:

2019-02-25 17:00:00

修改时间:

2024-11-21 19:44:31

创建时间:

2025-11-11 15:35:37

更新时间:

2025-11-11 15:54:20

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2019-1683`	2025-11-11 15:20:08	2025-11-11 07:35:37
NVD	`nvd_CVE-2019-1683`	2025-11-11 14:56:20	2025-11-11 07:44:09
CNNVD	`cnnvd_CNNVD-201902-801`	2025-11-11 15:10:10	2025-11-11 07:54:20

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:54:20

vulnerability_type: 未提取 → 信任管理问题; cnnvd_id: 未提取 → CNNVD-201902-801; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 信任管理问题
cnnvd_id: 未提取 -> CNNVD-201902-801
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:44:09

affected_products_count: 4 → 18; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 4 -> 18
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2019-1683 (CNNVD-201902-801)

中文标题:

Cisco SPA112、SPA525和SPA5X5 Series 信任管理问题漏洞

英文标题:

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.0 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史