Denial of Service Vulnerability in Cisco IP Phones 6800, 7800, and 8800 Series
CVE-2018-0316

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Ip Phone 6800, 7800, And 8800 Series Unknown
Vendor: CVE Published:; 7 June 2018

Summary

A vulnerability exists in the Session Initiation Protocol (SIP) call-handling capabilities of Cisco IP Phone 6800, 7800, and 8800 Series Phones that may allow an unauthenticated, remote attacker to disrupt services. When an incoming call is not answered, errors in the phone's firmware can be exploited by sending specially crafted SIP packets. This could lead to an unexpected reload of the device, resulting in temporary service disruption. The affected phones must be using Multiplatform Firmware versions prior to 11.1(2). For detailed information, refer to Cisco Bug ID CSCvi24718.

Affected Version(s)

Cisco IP Phone 6800, 7800, and 8800 Series unknown Cisco IP Phone 6800, 7800, and 8800 Series unknown

References

http://www.securitytracker.com/id/1041073

vdb-entryx_refsource_SECTRACK

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2018
Vulnerability Reserved
Nov 27, 2017