CVE-2018-0332
CVSS base score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
Affected (3)
Products: Cisco: Unified IP Phone Firmware, IP Phone Firmware
Configuration A
| Running on/with | Platform Versions |
|---|---|
| Cisco Unified IP Phone 9951 | All versions |
| Cisco Unified IP Phone 9971 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 9.9(9.99002.1) |

| Running on/with | Platform Versions |
|---|---|
| Cisco Unified IP Phone 7906g | All versions |
| Cisco Unified IP Phone 7911g | All versions |
| Cisco Unified IP Phone 7912g | All versions |
| Cisco Unified IP Phone 7931g | All versions |
| Cisco Unified IP Phone 7940g | All versions |
| Cisco Unified IP Phone 7941g | All versions |
| Cisco Unified IP Phone 7942g | All versions |
| Cisco Unified IP Phone 7945g | All versions |
| Cisco Unified IP Phone 7960g | All versions |
| Cisco Unified IP Phone 7961g | All versions |
| Cisco Unified IP Phone 7962g | All versions |
| Cisco Unified IP Phone 7965g | All versions |
| Cisco Unified IP Phone 7975g | All versions |
Configuration C
| Running on/with | Platform Versions |
|---|---|
| Cisco IP Phone 7811 | All versions |
| Cisco IP Phone 7821 | All versions |
| Cisco IP Phone 7841 | All versions |
| Cisco IP Phone 7861 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 9.4(2)sr3.1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 9.4(2)sr4 |

| Running on/with | Platform Versions |
|---|---|
| Cisco IP Phone 8811 | All versions |
| Cisco IP Phone 8841 | All versions |
| Cisco IP Phone 8845 | All versions |
| Cisco IP Phone 8851 | All versions |
| Cisco IP Phone 8861 | All versions |
| Cisco IP Phone 8865 | All versions |
Related CWEs
References (6)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.