Denial of Service Vulnerability in Cisco Small Business SPA Series IP Phones
CVE-2017-12260

7.5HIGH

Key Information:

Vendor

Cisco
Status
Cisco Small Business Spa50x, Spa51x, And Spa52x Series Ip Phones
Vendor
CVE Published:
19 October 2017

What is CVE-2017-12260?

A vulnerability in the Session Initiation Protocol (SIP) functionality of Cisco's Small Business SPA Series IP Phones allows a remote attacker to exploit improperly handled SIP request messages. By sending specially formatted specifiers in the SIP payload to an affected device, an attacker can cause the device to become unresponsive. This results in a denial of service condition that remains until the device is restarted manually. The affected devices include those running firmware release 7.6.2SR1 or earlier, making them susceptible to this specific exploit.

Affected Version(s)

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones

References

http://www.securityfocus.com/bid/101495
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039616
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.