Session Initiation Protocol Vulnerability in Cisco Small Business IP Phones
CVE-2017-12259

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Small Business Spa51x Series Ip Phones
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco Small Business SPA51x Series IP Phones, allowing remote attackers to cause a denial of service (DoS) condition. This occurs due to improper handling of SIP request messages, enabling attackers to send malformed messages to unprotected devices. Successful exploitation results in the affected IP phones becoming unresponsive, leading to a DoS scenario that requires manual device reboot to restore functionality. Users of Cisco SPA51x Firmware Release 7.6.2SR1 or earlier should take immediate precautions to mitigate potential risks.

Affected Version(s)

Cisco Small Business SPA51x Series IP Phones Cisco Small Business SPA51x Series IP Phones

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039615
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101488
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.