CVE-2017-12219

Published: Sep 21, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.

Affected (11)

Products: Cisco: Spa 301 Firmware, Spa 303 Firmware, Spa 500ds Firmware, Spa 500s Firmware, Spa 501g Firmware, Spa 502g Firmware, Spa 504g Firmware, Spa 508g Firmware, Spa 509g Firmware, Spa 512g Firmware, Spa 514g Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 301 Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 301	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 303 Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 303	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 500ds Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 500ds	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 500s Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 500s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 501g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 501g	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 502g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 502g	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 504g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 504g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 508g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 508g	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 509g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 509g	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 512g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 512g	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Spa 514g Firmware	Version 7.6.2

Running on/with	Platform Versions
Cisco Spa 514g	All versions

Related CWEs

CWE-399

References (6)

http://www.securityfocus.com/bid/100926

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039413

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/100926

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039413

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.