#VU8892 Denial of service in Cisco Systems, Inc products
Vulnerability identifier: #VU8892
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Small Business SPA51x
Hardware solutions /
Office equipment, IP-phones, print servers
Small Business SPA52x
Hardware solutions /
Office equipment, IP-phones, print servers
Small Business SPA50x
Hardware solutions /
Office equipment, IP-phones, print servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones due to improper handling of SIP request messages. A remote attacker can send formatted specifiers in a SIP payload and cause the device to become unresponsive.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Update to version 7.6(2)SR2.
Vulnerable software versions
Small Business SPA51x: All versions
Small Business SPA52x: All versions
Small Business SPA50x: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
