CVE-2018-0389 — Cisco Small Business Spa500 Series IP Phones vulnerability

CWE-3994 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business Spa500 Series IP Phones Cisco Spa514g Firmware

Timeline

PublishedMar 13

Latest updateMay 13

Description

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_small_business_spa500_series_ip_phonesunspecified — 7.6.2SR2

▶NVDcisco/spa514g_firmware7.6.2sr2

🔴Vulnerability Details

GHSA

GHSA-wv94-3p8w-fgm3: A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthe↗2022-05-13

▶

CVEList

Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability↗2019-03-13

▶

📋Vendor Advisories

Cisco

Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability↗2019-03-13

▶