CVE-2017-12328
https://notcve.org/view.php?id=CVE-2017-12328
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. • http://www.securityfocus.com/bid/102003 http://www.securitytracker.com/id/1039922 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp • CWE-20: Improper Input Validation •
CVE-2017-12305
https://notcve.org/view.php?id=CVE-2017-12305
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. Una vulnerabilidad en la interfaz de depuración de Cisco IP Phone 8800 series podría permitir que un atacante local autenticado ejecute comandos arbitrarios. • http://www.securityfocus.com/bid/101869 http://www.securitytracker.com/id/1039829 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-12271
https://notcve.org/view.php?id=CVE-2017-12271
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Una vulnerabilidad en Cisco SPA300 y SPA500 Series IP Phones podría permitir que un atacante remoto no autenticado ejecute acciones no deseadas en un dispositivo afectado. • http://www.securityfocus.com/bid/101524 http://www.securitytracker.com/id/1039621 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-12259
https://notcve.org/view.php?id=CVE-2017-12259
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. • http://www.securityfocus.com/bid/101488 http://www.securitytracker.com/id/1039615 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6630
https://notcve.org/view.php?id=CVE-2017-6630
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. • http://www.securityfocus.com/bid/98533 http://www.securitytracker.com/id/1038511 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip • CWE-399: Resource Management Errors •