Sign-up

ID

VAR-201705-3653


CVE

CVE-2017-6630


TITLE

Cisco IP Phone 8851 of Session Initiation Protocol Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-004281

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. Vendors have confirmed this vulnerability Bug ID CSCvc34795 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. The Cisco IP Phone8851 is a telephone product that provides video and VoIP communication capabilities from Cisco

Trust: 2.52

sources: NVD: CVE-2017-6630 // JVNDB: JVNDB-2017-004281 // CNVD: CNVD-2017-07501 // BID: 98533 // VULHUB: VHN-114833

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07501

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8800 seriesscope:eqversion:11.0\(0.1\)

Trust: 1.6

vendor:ciscomodel:ip phone 8800 seriesscope:eqversion:11.0(0.1)

Trust: 0.8

vendor:ciscomodel:ip phonescope:eqversion:885111.0(0.1)

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:88510

Trust: 0.3

vendor:ciscomodel:ip phone seriesscope:eqversion:880011.0(1)

Trust: 0.3

vendor:ciscomodel:ip phone series 11.0 mp2.153scope:neversion:8800

Trust: 0.3

vendor:ciscomodel:ip phone series 11.0 mp2.120scope:neversion:8800

Trust: 0.3

vendor:ciscomodel:ip phone series 11.0 mp2.100scope:neversion:8800

Trust: 0.3

sources: CNVD: CNVD-2017-07501 // BID: 98533 // JVNDB: JVNDB-2017-004281 // CNNVD: CNNVD-201705-914 // NVD: CVE-2017-6630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6630
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6630
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-07501
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-914
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114833
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6630
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07501
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114833
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6630
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07501 // VULHUB: VHN-114833 // JVNDB: JVNDB-2017-004281 // CNNVD: CNNVD-201705-914 // NVD: CVE-2017-6630

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-114833 // JVNDB: JVNDB-2017-004281 // NVD: CVE-2017-6630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-914

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-914

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004281

PATCH
title:cisco-sa-20170517-sipurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip
Trust: 0.8
title:Patch for CiscoIPPhone8851 Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/94433
Trust: 0.6
title:Cisco IP Phone 8851 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70406
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07501 // 
            
            
            
            JVNDB: JVNDB-2017-004281 // 
            
            
            
            CNNVD: CNNVD-201705-914

EXTERNAL IDS
db:NVDid:CVE-2017-6630
Trust: 3.4
db:BIDid:98533
Trust: 2.6
db:SECTRACKid:1038511
Trust: 1.7
db:JVNDBid:JVNDB-2017-004281
Trust: 0.8
db:CNNVDid:CNNVD-201705-914
Trust: 0.7
db:CNVDid:CNVD-2017-07501
Trust: 0.6
db:VULHUBid:VHN-114833
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07501 // 
            
            
            
            VULHUB: VHN-114833 // 
            
            
            
            BID: 98533 // 
            
            
            
            JVNDB: JVNDB-2017-004281 // 
            
            
            
            CNNVD: CNNVD-201705-914 // 
            
            
            
            NVD: CVE-2017-6630

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-sip
Trust: 2.6
url:http://www.securityfocus.com/bid/98533
Trust: 1.7
url:http://www.securitytracker.com/id/1038511
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6630
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6630
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07501 // 
            
            
            
            VULHUB: VHN-114833 // 
            
            
            
            BID: 98533 // 
            
            
            
            JVNDB: JVNDB-2017-004281 // 
            
            
            
            CNNVD: CNNVD-201705-914 // 
            
            
            
            NVD: CVE-2017-6630

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 98533

SOURCES
db:CNVDid:CNVD-2017-07501
db:VULHUBid:VHN-114833
db:BIDid:98533
db:JVNDBid:JVNDB-2017-004281
db:CNNVDid:CNNVD-201705-914
db:NVDid:CVE-2017-6630

LAST UPDATE DATE
2024-11-23T22:13:01.497000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07501date:2017-05-26T00:00:00
db:VULHUBid:VHN-114833date:2019-10-03T00:00:00
db:BIDid:98533date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004281date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201705-914date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6630date:2024-11-21T03:30:10.177

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07501date:2017-05-26T00:00:00
db:VULHUBid:VHN-114833date:2017-05-22T00:00:00
db:BIDid:98533date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004281date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201705-914date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6630date:2017-05-22T01:29:00.180