Vulnerability Description
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the device's inability to handle many large IP fragments for reassembly within a short period of time. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Spa 301 Firmware | 7.6.2 |
| Cisco | Spa 301 | - |
| Cisco | Spa 303 Firmware | 7.6.2 |
| Cisco | Spa 303 | - |
| Cisco | Spa 500Ds Firmware | 7.6.2 |
| Cisco | Spa 500Ds | - |
| Cisco | Spa 500S Firmware | 7.6.2 |
| Cisco | Spa 500S | - |
| Cisco | Spa 501G Firmware | 7.6.2 |
| Cisco | Spa 501G | - |
| Cisco | Spa 502G Firmware | 7.6.2 |
| Cisco | Spa 502G | - |
| Cisco | Spa 504G Firmware | 7.6.2 |
| Cisco | Spa 504G | - |
| Cisco | Spa 508G Firmware | 7.6.2 |
| Cisco | Spa 508G | - |
| Cisco | Spa 509G Firmware | 7.6.2 |
| Cisco | Spa 509G | - |
| Cisco | Spa 512G Firmware | 7.6.2 |
| Cisco | Spa 512G | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100926 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039413 (Third Party Advisory, VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2017-12219?
CVE-2017-12219 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload u...
How severe is CVE-2017-12219?
CVE-2017-12219 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12219?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Spa 301 Firmware, Cisco Spa 301, Cisco Spa 303 Firmware, Cisco Spa 303, Cisco Spa 500Ds Firmware.