CVE-2017-12219

 

  • Severity Score: 7.5 (CVSS v3)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-08-03 CVE Reserved
  • 2017-09-21 CVE Published
  • 2023-03-24 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cisco | Spa 301 Firmware | 7.6.2 | - | Affected
in Cisco | Spa 301 | - | - | Safe
Cisco | Spa 303 Firmware | 7.6.2 | - | Affected
in Cisco | Spa 303 | - | - | Safe
Cisco | Spa 500ds Firmware | 7.6.2 | - | Affected
in Cisco | Spa 500ds | - | - | Safe
Cisco | Spa 500s Firmware | 7.6.2 | - | Affected
in Cisco | Spa 500s | - | - | Safe
Cisco | Spa 501g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 501g | - | - | Safe
Cisco | Spa 502g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 502g | - | - | Safe
Cisco | Spa 504g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 504g | - | - | Safe
Cisco | Spa 508g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 508g | - | - | Safe
Cisco | Spa 509g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 509g | - | - | Safe
Cisco | Spa 512g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 512g | - | - | Safe
Cisco | Spa 514g Firmware | 7.6.2 | - | Affected
in Cisco | Spa 514g | - | - | Safe