Details of VAR-201710-0640

ID

VAR-201710-0640

CVE

CVE-2017-12260

TITLE

Cisco Small Business IP Phone Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009473

DESCRIPTION

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986. Vendors have confirmed this vulnerability Bug ID CSCvc63986 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.52

sources: NVD: CVE-2017-12260 // JVNDB: JVNDB-2017-009473 // CNVD: CNVD-2017-32353 // BID: 101495 // VULHUB: VHN-102765

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32353

AFFECTED PRODUCTS

vendor:	cisco	model:	spa 508g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 512g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 502g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 514g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 504g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 501g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 525g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	spa 509g	scope:	lte	version:	7.6.2	Trust: 1.0
vendor:	cisco	model:	small business ip phone	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business spa50x series ip phones	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business spa51x series ip phones	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business spa52x series ip phones	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	spa 525g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 512g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 508g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 501g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 509g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 504g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 514g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	spa 502g	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones 7.6 sr2	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-32353 // BID: 101495 // JVNDB: JVNDB-2017-009473 // CNNVD: CNNVD-201710-887 // NVD: CVE-2017-12260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12260
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12260
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32353
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201710-887
value:	HIGH
Trust: 0.6
VULHUB:	VHN-102765
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12260
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-32353
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102765
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12260
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-32353 // VULHUB: VHN-102765 // JVNDB: JVNDB-2017-009473 // CNNVD: CNNVD-201710-887 // NVD: CVE-2017-12260

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-102765 // JVNDB: JVNDB-2017-009473 // NVD: CVE-2017-12260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-887

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-887

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009473

PATCH

title:	cisco-sa-20171018-sip1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1	Trust: 0.8
title:	Patch for CiscoSmallBusinessSPA50x, SPA51x, and SPA52xSeriesIPPhones Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/105205	Trust: 0.6
title:	Cisco Small Business SPA50x , SPA51x and SPA52x Series IP Phones Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75869	Trust: 0.6

sources: CNVD: CNVD-2017-32353 // JVNDB: JVNDB-2017-009473 // CNNVD: CNNVD-201710-887

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12260	Trust: 3.4
db:	BID	id:	101495	Trust: 2.6
db:	SECTRACK	id:	1039616	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009473	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-887	Trust: 0.7
db:	CNVD	id:	CNVD-2017-32353	Trust: 0.6
db:	VULHUB	id:	VHN-102765	Trust: 0.1

sources: CNVD: CNVD-2017-32353 // VULHUB: VHN-102765 // BID: 101495 // JVNDB: JVNDB-2017-009473 // CNNVD: CNNVD-201710-887 // NVD: CVE-2017-12260

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-sip1	Trust: 2.6
url:	http://www.securityfocus.com/bid/101495	Trust: 2.3
url:	http://www.securitytracker.com/id/1039616	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12260	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12260	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-32353 // VULHUB: VHN-102765 // BID: 101495 // JVNDB: JVNDB-2017-009473 // CNNVD: CNNVD-201710-887 // NVD: CVE-2017-12260

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101495

SOURCES

db:	CNVD	id:	CNVD-2017-32353
db:	VULHUB	id:	VHN-102765
db:	BID	id:	101495
db:	JVNDB	id:	JVNDB-2017-009473
db:	CNNVD	id:	CNNVD-201710-887
db:	NVD	id:	CVE-2017-12260

LAST UPDATE DATE

2024-11-23T21:53:40.804000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32353	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-102765	date:	2019-10-09T00:00:00
db:	BID	id:	101495	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009473	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-887	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12260	date:	2024-11-21T03:09:11.170

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32353	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-102765	date:	2017-10-19T00:00:00
db:	BID	id:	101495	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009473	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-887	date:	2017-10-23T00:00:00
db:	NVD	id:	CVE-2017-12260	date:	2017-10-19T08:29:00.310