CVE-2017-6630
Summary
| CVE | CVE-2017-6630 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-22 01:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Ip Phone 8800 Series Firmware | 11.0(0.1) | All | All | All |
| Operating System | Cisco | Ip Phone 8800 Series Firmware | 11.0\(0.1\) | All | All | All |
| Operating System | Cisco | Ip Phone 8800 Series Firmware | 11.0\(0.1\) | All | All | All |
| Hardware | Cisco | Ip Phone 8851 | - | All | All | All |
| Hardware | Cisco | Ip Phone 8851 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco IP Phone 8851 CVE-2017-6630 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco 8851 IP Phone SIP CANCEL Message Processing Bug Lets Remote Users Cause the Target Service to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.