{"api_version":"1","generated_at":"2026-04-23T08:13:37+00:00","cve":"CVE-2017-6630","urls":{"html":"https://cve.report/CVE-2017-6630","api":"https://cve.report/api/cve/CVE-2017-6630.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-6630","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-6630"},"summary":{"title":"CVE-2017-6630","description":"A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2017-05-22 01:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip","name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/98533","name":"98533","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco IP Phone 8851 CVE-2017-6630 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1038511","name":"1038511","refsource":"SECTRACK","tags":[],"title":"Cisco 8851 IP Phone SIP CANCEL Message Processing Bug Lets Remote Users Cause the Target Service to Crash - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-6630","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6630","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"6630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"ip_phone_8800_series_firmware","cpe6":"11.0(0.1)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"ip_phone_8800_series_firmware","cpe6":"11.0\\(0.1\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6630","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"ip_phone_8800_series_firmware","cpe6":"11.0\\(0.1\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6630","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"ip_phone_8851","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6630","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"ip_phone_8851","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2017-6630","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco IP Phone 8851","version":{"version_data":[{"version_value":"Cisco IP Phone 8851"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-399"}]}]},"references":{"reference_data":[{"name":"1038511","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038511"},{"name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip","refsource":"CONFIRM","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"},{"name":"98533","refsource":"BID","url":"http://www.securityfocus.com/bid/98533"}]}},"nvd":{"publishedDate":"2017-05-22 01:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(0.1\\):*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"6630","Ordinal":"103317","Title":"CVE-2017-6630","CVE":"CVE-2017-6630","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"6630","Ordinal":"1","NoteData":"A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"6630","Ordinal":"2","NoteData":"2017-05-21","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"6630","Ordinal":"3","NoteData":"2017-07-07","Type":"Other","Title":"Modified"}]}}}