Executive Summary
Summary | |
---|---|
Title | Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160831-spa | First vendor Publication | 2016-08-31 |
Vendor | Cisco | Last vendor Modification | 2016-08-31 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXxj/MAAoJEK89gD3EAJB5fiQP/iXbjAHIcxAZFq/nuKfScFTR Tukk4gfyLP6SA8LJwHPEKGPeUrc/u5yC/UtqEUGEVGivI3THG+o/cQllS9Gry8Px S4/2YwuLrihii68jEB4FqKrLrv+t8TpsQKTz9D//RiHeQ5GLQ1NIDliRA2y3jh3k yG4txfpOrOjm5flIsL7nEdYt7eGqtJaJt5bfrBv2GFkpD3rGhKcKKYhV9sfisZe7 CVTcePwVvLSGd5ClkRbVJ0xDhMT9fCb9tsi1FUaMZwjL0t5UkWfdUpi3KjHxql7r GZTBCOmcJ2ALMfK+mFTTT0TvlfogZs0vRo6PPKmYh57LDQ/sOZlrwBN4hw+2gOK +wW9uQZMPixo1k7CL7NKbo/Vetm43x0yHJqWffgv5AGHX1RwLLR4Ccf1/PoQqBsh0 fKHdoXjvvLBubC6mvKvG99s8q63whlAz9OwhrJ/J4r9J/lLajarKyp2nJEa0ox7l Ji8rI+o+EdlBpT8kufhlZjs5ute7l27QOFxsy4YMZnTAgEO3M39fMlW8jnVEBnxI pKfgQJ+g/8jwSx3tHtzZA7OjjOP+F4Dj5TC1qcADrIHrk84ok2xojWqhTJZvO6yt obvtQstJtoVtCyNZxKaMKJzWaVkiB8fEI7aMGk82ioCV+SytMMKbMxdxhDlxq0dU kXBRTHvADTwjYYTunD6x =bB6A END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-09-01 | Cisco Small Business SPA3x/5x series denial of service attempt RuleID : 40006 - Revision : 1 - Type : SERVER-OTHER |
Alert History
Date | Informations |
---|---|
2016-09-12 21:33:20 |
|
2016-09-12 17:27:30 |
|
2016-08-31 21:25:25 |
|