Denial of Service Vulnerability in Cisco IP Phone 8800 Series
CVE-2017-12328

5.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Ip Phone 8800 Series
Vendor
CVE Published:
30 November 2017

Summary

A security flaw exists in the Session Initiation Protocol (SIP) handling of Cisco IP Phone 8800 Series devices, allowing an unauthenticated remote attacker to disrupt service. By sending a malformed SIP packet, the attacker can trigger an unexpected restart of the SIP process, resulting in a denial of service condition where all active calls are dropped. This vulnerability arises from improper input validation in the SIP packet header. Organizations using affected devices should implement security measures to mitigate potential attacks and ensure reliable communication.

Affected Version(s)

Cisco IP Phone 8800 Series Cisco IP Phone 8800 Series

References

http://www.securitytracker.com/id/1039922
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102003
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.