CVE-2018-0325
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066.
Una vulnerabilidad en la funcionalidad de gestión de llamadas SIP (Session Initiation Protocol) de los teléfonos Session Initiation Protocol de las series 7800 y 8800 podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS) en un teléfono afectado. La vulnerabilidad se debe a la validación de entradas incorrecta de los parámetros SIP Session Description Protocol (SDP) mediante el analizador SDP de un teléfono afectado. Un atacante podría explotar esta vulnerabilidad enviando una un paquete SIP mal formado al teléfono afectado. Su explotación con éxito podría permitir que el atacante provoque que todas las llamadas de teléfono activas en el teléfono afectado se cuelguen mientras el proceso SIP se reinicia inesperadamente, lo que resulta en una condición de denegación de servicio (DoS). Cisco Bug IDs: CSCvf40066.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-05-17 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104202 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040927 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ip Phone 8800 Firmware Search vendor "Cisco" for product "Ip Phone 8800 Firmware" | 9.4\(2\)sr4 Search vendor "Cisco" for product "Ip Phone 8800 Firmware" and version "9.4\(2\)sr4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8800 Search vendor "Cisco" for product "Ip Phone 8800" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8800 Firmware Search vendor "Cisco" for product "Ip Phone 8800 Firmware" | 10.3\(1\)sr4 Search vendor "Cisco" for product "Ip Phone 8800 Firmware" and version "10.3\(1\)sr4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8800 Search vendor "Cisco" for product "Ip Phone 8800" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7800 Firmware Search vendor "Cisco" for product "Ip Phone 7800 Firmware" | < 12.1\(1.12\) Search vendor "Cisco" for product "Ip Phone 7800 Firmware" and version " < 12.1\(1.12\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7800 Search vendor "Cisco" for product "Ip Phone 7800" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7800 Firmware Search vendor "Cisco" for product "Ip Phone 7800 Firmware" | < 12.1\(1\)mn130 Search vendor "Cisco" for product "Ip Phone 7800 Firmware" and version " < 12.1\(1\)mn130" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7800 Search vendor "Cisco" for product "Ip Phone 7800" | - | - |
Safe
|