CVE-2018-15497
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.
El dispositivo Mitel MiVoice 5330e VoIP se ha visto afectado por errores de corrupción de memoria en la funcionalidad de manejo de paquetes SIP/SDP. Un atacante puede explotar este problema de forma remota mediante el envío de un patrón en concreto de paquetes SIP/SDP para provocar un estado de denegación de servicio (DoS) en los dispositivos afectados y una ejecución remota de código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-17 CVE Reserved
- 2018-10-23 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.nccgroup.trust/uk/our-research/technical-advisory-mitel-mivoice-5330e-memory-corruption-flaw | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0009 | 2019-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitel Search vendor "Mitel" | Mivoice 5330e Firmware Search vendor "Mitel" for product "Mivoice 5330e Firmware" | <= 6.5.0.16 Search vendor "Mitel" for product "Mivoice 5330e Firmware" and version " <= 6.5.0.16" | - |
Affected
| in | Mitel Search vendor "Mitel" | Mivoice 5330e Search vendor "Mitel" for product "Mivoice 5330e" | - | - |
Safe
|