CVE-2018-0316

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.

Una vulnerabilidad en la funcionalidad de gestión de llamadas SIP (Session Initiation Protocol) de los teléfonos Cisco IP Phone de las Series 6800, 7800 y 8800 con firmware multiplataforma podría permitir que un atacante remoto sin autenticar haga que un teléfono afectado se reinicie inesperadamente, provocando una denegación de servicio (DoS) temporal en consecuencia. La vulnerabilidad existe debido a que el firmware de un teléfono afectado gestiona incorrectamente los errores que podrían ocurrir cuando no se contesta a una llamada de teléfono entrante. Un atacante podría explotar esta vulnerabilidad enviando una serie de paquetes SIP maliciosamente manipulados a un teléfono afectado. Si se explota con éxito, podría permitir que el atacante consiga que el teléfono afectado se reinicie, provocando una denegación de servicio (DoS) temporal. Esta vulnerabilidad afecta a los teléfonos Cisco IP Phone Serie 6800, 7800 y 8800 con firmware multiplataforma, si lo están ejecutando en versiones anteriores a la 11.1(2). Cisco Bug IDs: CSCvi24718.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-06-07 CVE Published
2024-04-16 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-755: Improper Handling of Exceptional Conditions

CAPEC

References (2)

URL	Tag	Source
http://www.securitytracker.com/id/1041073	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 6841 Search vendor "Cisco" for product "Ip Phone 6841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 6851 Search vendor "Cisco" for product "Ip Phone 6851"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7811 Search vendor "Cisco" for product "Ip Phone 7811"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7821 Search vendor "Cisco" for product "Ip Phone 7821"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7841 Search vendor "Cisco" for product "Ip Phone 7841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 7861 Search vendor "Cisco" for product "Ip Phone 7861"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861"	-	-	Safe
Cisco Search vendor "Cisco"	Ip Phone Firmware Search vendor "Cisco" for product "Ip Phone Firmware"	11.1\(2\) Search vendor "Cisco" for product "Ip Phone Firmware" and version "11.1\(2\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865"	-	-	Safe