Sign-up

ID

VAR-201709-0682


CVE

CVE-2017-12219


TITLE

Cisco Small Business Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008296

DESCRIPTION

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. Vendors have confirmed this vulnerability Bug ID CSCve82586 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The CiscoSmallBusinessSPA300, SPA500, and SPA51x are Cisco S-Series IP telephony products. Multiple Cisco Products are prone to a denial-of-service vulnerability

Trust: 2.52

sources: NVD: CVE-2017-12219 // JVNDB: JVNDB-2017-008296 // CNVD: CNVD-2017-34245 // BID: 100926 // VULHUB: VHN-102719

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34245

AFFECTED PRODUCTS

vendor:ciscomodel:spa 301scope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 500dsscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 500sscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 501gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 502gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 504gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 508gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 509gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 512gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 514gscope:eqversion:7.6.2

Trust: 2.4

vendor:ciscomodel:spa 303scope:eqversion:7.6.2

Trust: 1.8

vendor:ciscomodel:small business spa51x ip phonesscope:eqversion:7.6.2

Trust: 0.9

vendor:ciscomodel:small business spa500 series ip phonesscope:eqversion:7.6.2

Trust: 0.9

vendor:ciscomodel:small business spa300 series ip phonesscope:eqversion:7.6.2

Trust: 0.9

sources: CNVD: CNVD-2017-34245 // BID: 100926 // JVNDB: JVNDB-2017-008296 // CNNVD: CNNVD-201709-1038 // NVD: CVE-2017-12219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12219
value: HIGH

Trust: 1.0

NVD: CVE-2017-12219
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34245
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-1038
value: HIGH

Trust: 0.6

VULHUB: VHN-102719
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12219
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34245
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102719
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12219
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34245 // VULHUB: VHN-102719 // JVNDB: JVNDB-2017-008296 // CNNVD: CNNVD-201709-1038 // NVD: CVE-2017-12219

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-102719 // JVNDB: JVNDB-2017-008296 // NVD: CVE-2017-12219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1038

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-1038

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008296

PATCH
title:cisco-sa-20170920-spaurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa
Trust: 0.8
title:Patch for CiscoSmallBusinessSPA300, SPA500, and SPA51x Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/104549
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34245 // 
            
            
            
            JVNDB: JVNDB-2017-008296

EXTERNAL IDS
db:NVDid:CVE-2017-12219
Trust: 3.4
db:BIDid:100926
Trust: 2.6
db:SECTRACKid:1039413
Trust: 1.7
db:JVNDBid:JVNDB-2017-008296
Trust: 0.8
db:CNNVDid:CNNVD-201709-1038
Trust: 0.7
db:CNVDid:CNVD-2017-34245
Trust: 0.6
db:VULHUBid:VHN-102719
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34245 // 
            
            
            
            VULHUB: VHN-102719 // 
            
            
            
            BID: 100926 // 
            
            
            
            JVNDB: JVNDB-2017-008296 // 
            
            
            
            CNNVD: CNNVD-201709-1038 // 
            
            
            
            NVD: CVE-2017-12219

REFERENCES
url:http://www.securityfocus.com/bid/100926
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-spa
Trust: 2.0
url:http://www.securitytracker.com/id/1039413
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-12219
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12219
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-34245 // 
            
            
            
            VULHUB: VHN-102719 // 
            
            
            
            BID: 100926 // 
            
            
            
            JVNDB: JVNDB-2017-008296 // 
            
            
            
            CNNVD: CNNVD-201709-1038 // 
            
            
            
            NVD: CVE-2017-12219

CREDITS
Marc Bolós from Pixelxen.
Trust: 0.3
sources:
            
            
            BID: 100926

SOURCES
db:CNVDid:CNVD-2017-34245
db:VULHUBid:VHN-102719
db:BIDid:100926
db:JVNDBid:JVNDB-2017-008296
db:CNNVDid:CNNVD-201709-1038
db:NVDid:CVE-2017-12219

LAST UPDATE DATE
2024-11-23T23:05:19.125000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34245date:2017-11-17T00:00:00
db:VULHUBid:VHN-102719date:2019-10-09T00:00:00
db:BIDid:100926date:2017-09-20T00:00:00
db:JVNDBid:JVNDB-2017-008296date:2017-10-13T00:00:00
db:CNNVDid:CNNVD-201709-1038date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12219date:2024-11-21T03:09:03.620

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34245date:2017-11-16T00:00:00
db:VULHUBid:VHN-102719date:2017-09-21T00:00:00
db:BIDid:100926date:2017-09-20T00:00:00
db:JVNDBid:JVNDB-2017-008296date:2017-10-13T00:00:00
db:CNNVDid:CNNVD-201709-1038date:2017-09-22T00:00:00
db:NVDid:CVE-2017-12219date:2017-09-21T05:29:00.327