#VU8891 Denial of service in Small Business SPA51x
Vulnerability identifier: #VU8891
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Small Business SPA51x
Hardware solutions /
Office equipment, IP-phones, print servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones due to improper handling of SIP request messages. A remote attacker can send malformed SIP messages and the device to become unresponsive.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Update to version 7.6(2)SR2.
Vulnerable software versions
Small Business SPA51x: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
