Executive Summary
Summary | |
---|---|
Title | Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20171018-sip | First vendor Publication | 2017-10-18 |
Vendor | Cisco | Last vendor Modification | 2017-10-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZ53tOZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkikQ/8DrhZbod6YPdz8rWa SIpHctX9cvl5oHviwwIVd0a08W/c8yEoPX3QxmJk14ePZIpcSVg58eUhhQSd9gBN y6OkNFux7EtL35ShfLHGxKdN08Fx4z5bREzXrrqnWL7X71TRDmSRPr3h2OL+SEod JwT3YP2zL7sxqzFRr9WyUmugzHuhUGQPCMcuoosz50mmzqn71b6RUitMpKP1RlJX LV9c4S0So0GPfs7v5xEsksePZbsb/VVNWbAkQ33NrUYBOwJ+n6Ot3FXUJBD12NF +m501Fgh89kZt+cjhJv3EQ0usvIXwUqh8IoATWboAQQpmXqUkFVWjV/YgT907DjJC fR+II6xUM46u37GzNadWa5BxUMrEWAW3LAxz1pgKbuxCpCieibHoES+CAeyiVHgs jTTlBnSXt7R0zeaX8HCe2P4oFLHzLXjuqm1Yl4iYHrn2xhMd4iE617WwXxz08r7d IAug3pddqE0rAgzleHPuMVrEzxd0+Pj2Q6+OrvCzydzqUl5Q2ADF6IGK3hcCb4QC 5+R/zrEXTKsADKQBHLIzp9Iuh+gSPrvZi8pbkG8egmigHPekDgM/Y0+cIXcM3XLE emAd13MqJ2TSp27BCd0HEed/qwk1J7lwEDf4XUoYP7bVAPiUF1SEKfFOZ9Asek57 Lu33xQYp3nSGkIxEQxICX5UNsRc= =Qj36 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2017-11-06 21:28:26 |
|
2017-10-19 13:26:39 |
|
2017-10-18 21:22:38 |
|