CVE-2017-12219
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
Existe una vulnerabilidad en la gestión de los fragmentos de IP para Cisco Small Business SPA300, SPA500, y SPA51x Series IP Phones que podría permitir a un atacante autenticado remoto provocar que el dispositivo recargue de manera inesperada, provocando una denegación de servicio (DoS). Esta vulnerabilidad se debe a la incapacidad para gestionar muchos fragmentos de IP largos para reensamblarlos en un espacio de tiempo pequeño. Un atacante podría explotar esta vulnerabilidad enviando una serie de fragmentos de IP manipulados al dispositivo objetivo. Su explotación podría permitir a un atacante provocar una denegación de servicio cuando el dispositivo recarga de manera inesperada. Cisco Bug IDs: CSCve82586.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-03 CVE Reserved
- 2017-09-21 CVE Published
- 2023-03-24 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100926 | Third Party Advisory | |
http://www.securitytracker.com/id/1039413 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Spa 301 Firmware Search vendor "Cisco" for product "Spa 301 Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 301 Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 301 Search vendor "Cisco" for product "Spa 301" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 303 Firmware Search vendor "Cisco" for product "Spa 303 Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 303 Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 303 Search vendor "Cisco" for product "Spa 303" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 500ds Firmware Search vendor "Cisco" for product "Spa 500ds Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 500ds Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 500ds Search vendor "Cisco" for product "Spa 500ds" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 500s Firmware Search vendor "Cisco" for product "Spa 500s Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 500s Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 500s Search vendor "Cisco" for product "Spa 500s" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 501g Firmware Search vendor "Cisco" for product "Spa 501g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 501g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 501g Search vendor "Cisco" for product "Spa 501g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 502g Firmware Search vendor "Cisco" for product "Spa 502g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 502g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 502g Search vendor "Cisco" for product "Spa 502g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 504g Firmware Search vendor "Cisco" for product "Spa 504g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 504g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 504g Search vendor "Cisco" for product "Spa 504g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 508g Firmware Search vendor "Cisco" for product "Spa 508g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 508g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 508g Search vendor "Cisco" for product "Spa 508g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 509g Firmware Search vendor "Cisco" for product "Spa 509g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 509g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 509g Search vendor "Cisco" for product "Spa 509g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 512g Firmware Search vendor "Cisco" for product "Spa 512g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 512g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 512g Search vendor "Cisco" for product "Spa 512g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa 514g Firmware Search vendor "Cisco" for product "Spa 514g Firmware" | 7.6.2 Search vendor "Cisco" for product "Spa 514g Firmware" and version "7.6.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 514g Search vendor "Cisco" for product "Spa 514g" | - | - |
Safe
|