CVE-2019-1683: Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
First published: Mon Feb 25 2019(Updated: )
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco SPA112 2-Port Phone Adapter Firmware | =1.4.2 | |
| Cisco SPA112 2-Port Phone Adapter Firmware | ||
| All of | ||
| Cisco SPA 525G2 Firmware | =7.6.2 | |
| Cisco SPA 525g | ||
| All of | ||
| Cisco SPA5x5 firmware | =7.6.2 | |
| Cisco SPA5x5 firmware | ||
| All of | ||
| Cisco SPA 500 Series IP Phone Firmware | =1.4.2 | |
| Cisco SPA 500 | ||
| All of | ||
| Cisco SPA 500s Firmware | =1.4.2 | |
| Cisco SPA 500 | ||
| All of | ||
| Cisco SPA 500DS Firmware | =1.4.2 | |
| Cisco SPA 500 DS | ||
| All of | ||
| Cisco SPA 501G Firmware | =1.4.2 | |
| Cisco SPA 501G Firmware | ||
| All of | ||
| Quectel RG502Q-EA Firmware | =1.4.2 | |
| Cisco SPA 502G Firmware | ||
| All of | ||
| Cisco SPA504G | =1.4.2 | |
| Cisco SPA 500 Series | ||
| All of | ||
| Cisco SPA508G Firmware | =1.4.2 | |
| Cisco SPA 508G | ||
| All of | ||
| Cisco SPA 509g firmware | =1.4.2 | |
| Cisco SPA 509G | ||
| All of | ||
| Cisco SPA 512G Firmware | =1.4.2 | |
| Cisco SPA 512G Firmware | ||
| All of | ||
| Cisco SPA514G | =1.4.2 | |
| Cisco SPA 514G Firmware | ||
| All of | ||
| Cisco SPA 525g firmware | =1.4.2 | |
| Cisco SPA 525G2 Firmware | ||
| Cisco SPA112 2-Port Phone Adapter Firmware | =1.4.2 | |
| Cisco SPA112 2-Port Phone Adapter Firmware | ||
| Cisco SPA 525G2 Firmware | =7.6.2 | |
| Cisco SPA 525g | ||
| Cisco SPA5x5 firmware | =7.6.2 | |
| Cisco SPA5x5 firmware | ||
| Cisco SPA 500 Series IP Phone Firmware | =1.4.2 | |
| Cisco SPA 500 | ||
| Cisco SPA 500s Firmware | =1.4.2 | |
| Cisco SPA 500 | ||
| Cisco SPA 500DS Firmware | =1.4.2 | |
| Cisco SPA 500 DS | ||
| Cisco SPA 501G Firmware | =1.4.2 | |
| Cisco SPA 501G Firmware | ||
| Quectel RG502Q-EA Firmware | =1.4.2 | |
| Cisco SPA 502G Firmware | ||
| Cisco SPA504G | =1.4.2 | |
| Cisco SPA 500 Series | ||
| Cisco SPA508G Firmware | =1.4.2 | |
| Cisco SPA 508G | ||
| Cisco SPA 509g firmware | =1.4.2 | |
| Cisco SPA 509G | ||
| Cisco SPA 512G Firmware | =1.4.2 | |
| Cisco SPA 512G Firmware | ||
| Cisco SPA514G | =1.4.2 | |
| Cisco SPA 514G Firmware | ||
| Cisco SPA 525g firmware | =1.4.2 | |
| Cisco SPA 525G2 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-1683.
What is the severity of CVE-2019-1683?
The severity of CVE-2019-1683 is high, with a CVSS score of 7.4.
Which software is affected by CVE-2019-1683?
The Cisco SPA112, SPA525, and SPA5X5 Series IP Phones are affected by CVE-2019-1683.
How can an attacker exploit CVE-2019-1683?
An unauthenticated, remote attacker can exploit CVE-2019-1683 to listen to or control certain aspects of a TLS-encrypted SIP conversation.
Where can I find more information about CVE-2019-1683?
You can find more information about CVE-2019-1683 on the SecurityFocus and Cisco Security Advisory websites.
- agent/references
- agent/type
- agent/title
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco spa112 2-port phone adapter firmware
- version/cisco spa112 2-port phone adapter firmware/1.4.2
- canonical/cisco spa 525g2 firmware
- version/cisco spa 525g2 firmware/7.6.2
- canonical/cisco spa 525g
- canonical/cisco spa5x5 firmware
- version/cisco spa5x5 firmware/7.6.2
- canonical/cisco spa 500 series ip phone firmware
- version/cisco spa 500 series ip phone firmware/1.4.2
- canonical/cisco spa 500
- canonical/cisco spa 500s firmware
- version/cisco spa 500s firmware/1.4.2
- canonical/cisco spa 500ds firmware
- version/cisco spa 500ds firmware/1.4.2
- canonical/cisco spa 500 ds
- canonical/cisco spa 501g firmware
- version/cisco spa 501g firmware/1.4.2
- canonical/quectel rg502q-ea firmware
- version/quectel rg502q-ea firmware/1.4.2
- canonical/cisco spa 502g firmware
- canonical/cisco spa504g
- version/cisco spa504g/1.4.2
- canonical/cisco spa 500 series
- canonical/cisco spa508g firmware
- version/cisco spa508g firmware/1.4.2
- canonical/cisco spa 508g
- canonical/cisco spa 509g firmware
- version/cisco spa 509g firmware/1.4.2
- canonical/cisco spa 509g
- canonical/cisco spa 512g firmware
- version/cisco spa 512g firmware/1.4.2
- canonical/cisco spa514g
- version/cisco spa514g/1.4.2
- canonical/cisco spa 514g firmware
- canonical/cisco spa 525g firmware
- version/cisco spa 525g firmware/1.4.2