CVE-2017-12260
Summary
| CVE | CVE-2017-12260 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-19 08:29:00 UTC |
| Updated | 2019-10-09 23:22:00 UTC |
| Description | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Spa 501g | - | All | All | All |
| Operating System | Cisco | Spa 501g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 502g | - | All | All | All |
| Operating System | Cisco | Spa 502g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 504g | - | All | All | All |
| Operating System | Cisco | Spa 504g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 508g | - | All | All | All |
| Operating System | Cisco | Spa 508g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 509g | - | All | All | All |
| Operating System | Cisco | Spa 509g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 512g | - | All | All | All |
| Operating System | Cisco | Spa 512g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 514g | - | All | All | All |
| Operating System | Cisco | Spa 514g Firmware | All | sr1 | All | All |
| Hardware | Cisco | Spa 525g | - | All | All | All |
| Operating System | Cisco | Spa 525g Firmware | All | sr1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco Small Business SPA50x/SPA51x/SPA52x Series IP Phones SIP Processing Flaw Lets Remote Users Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.