Denial of Service Vulnerability in Cisco IP Phone 7800 and 8800 Series
CVE-2018-0325

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Ip Phone 7800 Series And 8800 Series
Vendor
CVE Published:
17 May 2018

Summary

A vulnerability exists within the SIP call-handling functionality of Cisco's IP Phone 7800 and 8800 Series. It arises from insufficient input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser. An attacker can exploit this flaw by sending a specially crafted SIP packet, potentially leading to a denial of service condition. When exploited, this could drop all active calls on the targeted phone and cause the SIP process to restart unexpectedly, significantly disrupting communication services. To mitigate this vulnerability, it is essential for affected users to apply the latest security updates provided by Cisco.

Affected Version(s)

Cisco IP Phone 7800 Series and 8800 Series Cisco IP Phone 7800 Series and 8800 Series

References

http://www.securitytracker.com/id/1040927
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104202
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.