Vulnerability Description
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ip Phone 8800 Series Firmware | 11.0\(0.1\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102003Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039922Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/102003Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039922Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12328?
CVE-2017-12328 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition be...
How severe is CVE-2017-12328?
CVE-2017-12328 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12328?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 8800 Series Firmware.