How severe is CVE-2019-1684?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-1684?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2019-1684 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.

Related Vulnerabilities

CVE-2012-5030

MEDIUM

CVSS:6.5(Medium)

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking ...

CWE-3992012

CVE-2015-2927

MEDIUM

CVSS:6.5(Medium)

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

CWE-3992015

CVE-2015-6431

MEDIUM

CVSS:6.5(Medium)

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

CWE-3992015

CVE-2015-7461

MEDIUM

CVSS:6.5(Medium)

XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via cra...

CWE-3992015

CVE-2015-8345

MEDIUM

CVSS:6.5(Medium)

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

CWE-3992015

CVE-2015-8677

MEDIUM

CVSS:6.5(Medium)

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus se...

CWE-3992015