CVE-2017-12328 — Improper Input Validation in Cisco IP Phone 8800 Series Firmware

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.6%

top 31.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IP Phone 8800 Series Firmware

Timeline

PublishedNov 30

Latest updateMay 13

Description

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/ip_phone_8800_series_firmware11.0\(0.1\)

🔴Vulnerability Details

GHSA

GHSA-9wxx-q8qf-rxcw: A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attack↗2022-05-13

▶

CVEList

CVE-2017-12328: A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attack↗2017-11-30

▶

📋Vendor Advisories

Cisco

Cisco IP Phone 8800 Series Denial of Service Vulnerability↗2017-11-30

▶