// For flags

CVE-2018-0325

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066.

Una vulnerabilidad en la funcionalidad de gestión de llamadas SIP (Session Initiation Protocol) de los teléfonos Session Initiation Protocol de las series 7800 y 8800 podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS) en un teléfono afectado. La vulnerabilidad se debe a la validación de entradas incorrecta de los parámetros SIP Session Description Protocol (SDP) mediante el analizador SDP de un teléfono afectado. Un atacante podría explotar esta vulnerabilidad enviando una un paquete SIP mal formado al teléfono afectado. Su explotación con éxito podría permitir que el atacante provoque que todas las llamadas de teléfono activas en el teléfono afectado se cuelguen mientras el proceso SIP se reinicia inesperadamente, lo que resulta en una condición de denegación de servicio (DoS). Cisco Bug IDs: CSCvf40066.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-05-17 CVE Published
  • 2023-11-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ip Phone 8800 Firmware
Search vendor "Cisco" for product "Ip Phone 8800 Firmware"
9.4\(2\)sr4
Search vendor "Cisco" for product "Ip Phone 8800 Firmware" and version "9.4\(2\)sr4"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8800
Search vendor "Cisco" for product "Ip Phone 8800"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8800 Firmware
Search vendor "Cisco" for product "Ip Phone 8800 Firmware"
10.3\(1\)sr4
Search vendor "Cisco" for product "Ip Phone 8800 Firmware" and version "10.3\(1\)sr4"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8800
Search vendor "Cisco" for product "Ip Phone 8800"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7800 Firmware
Search vendor "Cisco" for product "Ip Phone 7800 Firmware"
< 12.1\(1.12\)
Search vendor "Cisco" for product "Ip Phone 7800 Firmware" and version " < 12.1\(1.12\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7800
Search vendor "Cisco" for product "Ip Phone 7800"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7800 Firmware
Search vendor "Cisco" for product "Ip Phone 7800 Firmware"
< 12.1\(1\)mn130
Search vendor "Cisco" for product "Ip Phone 7800 Firmware" and version " < 12.1\(1\)mn130"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7800
Search vendor "Cisco" for product "Ip Phone 7800"
--
Safe