Executive Summary

Title: Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
Name: cisco-sa-20171018-sip1
First vendor Publication: 2017-10-18
Vendor: Cisco
Last vendor Modification: 2017-10-18
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required


A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1



Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer


Snort® IPS/IDS

Date Description
2014-01-10 Via header format string attempt
RuleID : 11987 - Revision : 8 - Type : PROTOCOL-VOIP
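
A detection heuristic for the condition the advisory describes (format specifiers in a SIP message) and that the Snort rule title above names for the Via header, given here as an added example: it is not Cisco's code and not the logic of Snort rule 11987. The function names and sample messages are constructed for illustration, and it assumes URI-style percent-escapes are expected in other headers but not in Via.

```python
import re

# printf-style conversion: %[flags][width][.precision][length]conversion
SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|ll|[hlLzjt])?[diouxXeEfgGaAcspn]")
# URI escape (%20, %3A): legitimate inside SIP URIs, so tolerated outside Via
URI_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
VIA_NAMES = {"via", "v"}  # "v" is the compact form of Via

def parse_headers(raw: bytes):
    """Return (name, value) pairs from the header part of a SIP message."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    headers = []
    for line in head.split("\r\n")[1:]:            # skip the request/status line
        if line[:1] in (" ", "\t") and headers:    # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def find_format_specifiers(raw: bytes):
    """Return [(header, specifier)] for printf-style conversions in header values."""
    hits = []
    for name, value in parse_headers(raw):
        strict = name.lower() in VIA_NAMES
        # Outside Via, mask URI escapes first so "%20smith" is not read as "%20s".
        text = value if strict else URI_ESCAPE.sub("_", value)
        hits += [(name, m.group(0)) for m in SPEC.finditer(text)]
    return hits

# Constructed sample messages (documentation addresses, not captured traffic).
CLEAN = (b"OPTIONS sip:100@192.0.2.10 SIP/2.0\r\n"
         b"Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bK776asdhds\r\n"
         b"From: <sip:alice%20smith@example.com>;tag=1928301774\r\n"
         b"To: <sip:100@192.0.2.10>\r\n"
         b"Call-ID: a84b4c76e66710\r\n"
         b"CSeq: 1 OPTIONS\r\n"
         b"Content-Length: 0\r\n\r\n")
SUSPECT = CLEAN.replace(b"branch=z9hG4bK776asdhds", b"branch=z9hG4bK%s%s")

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, find_format_specifiers(msg))
```

Masking escapes outside Via trades some sensitivity for fewer false positives on escaped URIs; a specifier such as `%08x` in a From or To header would be missed by this heuristic.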

Alert History

Date Information
2017-11-06 21:28:26
  • Multiple Updates
2017-10-19 13:26:39
  • Multiple Updates
2017-10-18 21:22:39
  • First insertion