Executive Summary

Summary
Title Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability
Informations
Name cisco-sa-20171018-sip First vendor Publication 2017-10-18
Vendor Cisco Last vendor Modification 2017-10-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZ53tOZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkikQ/8DrhZbod6YPdz8rWa SIpHctX9cvl5oHviwwIVd0a08W/c8yEoPX3QxmJk14ePZIpcSVg58eUhhQSd9gBN y6OkNFux7EtL35ShfLHGxKdN08Fx4z5bREzXrrqnWL7X71TRDmSRPr3h2OL+SEod JwT3YP2zL7sxqzFRr9WyUmugzHuhUGQPCMcuoosz50mmzqn71b6RUitMpKP1RlJX LV9c4S0So0GPfs7v5xEsksePZbsb/VVNWbAkQ33NrUYBOwJ+n6Ot3FXUJBD12NF +m501Fgh89kZt+cjhJv3EQ0usvIXwUqh8IoATWboAQQpmXqUkFVWjV/YgT907DjJC fR+II6xUM46u37GzNadWa5BxUMrEWAW3LAxz1pgKbuxCpCieibHoES+CAeyiVHgs jTTlBnSXt7R0zeaX8HCe2P4oFLHzLXjuqm1Yl4iYHrn2xhMd4iE617WwXxz08r7d IAug3pddqE0rAgzleHPuMVrEzxd0+Pj2Q6+OrvCzydzqUl5Q2ADF6IGK3hcCb4QC 5+R/zrEXTKsADKQBHLIzp9Iuh+gSPrvZi8pbkG8egmigHPekDgM/Y0+cIXcM3XLE emAd13MqJ2TSp27BCd0HEed/qwk1J7lwEDf4XUoYP7bVAPiUF1SEKfFOZ9Asek57 Lu33xQYp3nSGkIxEQxICX5UNsRc= =Qj36 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2017-11-06 21:28:26
  • Multiple Updates
2017-10-19 13:26:39
  • Multiple Updates
2017-10-18 21:22:38
  • First insertion