{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Cisco IP Phone ex\u00e9cutant une version logicielle de SIP ant\u00e9rieure \u00e0 11.0(5) pour Wireless IP Phone 8821-EX et 12.5(1)SR1 pour la s\u00e9rie IP Phone 8800","product":{"name":"IP Phone","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco IP Phone 7800 et 8800 ex\u00e9cutant une version logicielle de SIP avec la fonctionnalit\u00e9 web service active ant\u00e9rieure \u00e0 10.3(1)SR5 pour Unified IP Conference Phone 8831, 11.0(4)SR3 pour Wireless IP Phone 8821 et 8821-EX et 12.5(1)SR1 pour le restes des IP Phone 7800 et 8800","product":{"name":"IP Phone","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-1766","url":"https://www.cve.org/CVERecord?id=CVE-2019-1766"},{"name":"CVE-2019-1764","url":"https://www.cve.org/CVERecord?id=CVE-2019-1764"},{"name":"CVE-2019-1763","url":"https://www.cve.org/CVERecord?id=CVE-2019-1763"},{"name":"CVE-2019-1765","url":"https://www.cve.org/CVERecord?id=CVE-2019-1765"},{"name":"CVE-2019-1716","url":"https://www.cve.org/CVERecord?id=CVE-2019-1716"}],"links":[],"reference":"CERTFR-2019-AVI-120","revisions":[{"description":"Version initiale","revision_date":"2019-03-21T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IP Phone.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Cisco IP Phone","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipab du 20 mars 2019","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ip-phone-csrf du 20 mars 2019","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ip-phone-rce du 20 mars 2019","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipptv du 20 mars 2019","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipfudos du 20 mars 2019","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos"}]}