Sign-up

ID

VAR-201711-0323


CVE

CVE-2017-12328


TITLE

Cisco IP Phone 8800 Vulnerability related to input validation in series devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-010512

DESCRIPTION

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590. Cisco IP Phone 8800 Series devices contain an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc62590 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. SessionInitiationProtocol (SIP) is a session initiation protocol used in it. A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users

Trust: 2.52

sources: NVD: CVE-2017-12328 // JVNDB: JVNDB-2017-010512 // CNVD: CNVD-2017-36397 // BID: 102003 // VULHUB: VHN-102839

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36397

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8800 seriesscope:eqversion:11.0\(0.1\)

Trust: 1.6

vendor:ciscomodel:ip phone seriesscope:eqversion:880011.0(0.1)

Trust: 0.9

vendor:ciscomodel:ip phone 8800 seriesscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-36397 // BID: 102003 // JVNDB: JVNDB-2017-010512 // CNNVD: CNNVD-201711-1236 // NVD: CVE-2017-12328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12328
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12328
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-36397
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-1236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102839
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-36397
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102839
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12328
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-36397 // VULHUB: VHN-102839 // JVNDB: JVNDB-2017-010512 // CNNVD: CNNVD-201711-1236 // NVD: CVE-2017-12328

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-102839 // JVNDB: JVNDB-2017-010512 // NVD: CVE-2017-12328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1236

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 102003 // CNNVD: CNNVD-201711-1236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010512

PATCH
title:cisco-sa-20171129-ippurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
Trust: 0.8
title:Patch for CiscoIPPhone 8800 Series Device Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/108205
Trust: 0.6
title:Cisco IP Phone 8800 Series Repair measures for device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76854
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-36397 // 
            
            
            
            JVNDB: JVNDB-2017-010512 // 
            
            
            
            CNNVD: CNNVD-201711-1236

EXTERNAL IDS
db:NVDid:CVE-2017-12328
Trust: 3.4
db:BIDid:102003
Trust: 2.6
db:SECTRACKid:1039922
Trust: 1.7
db:JVNDBid:JVNDB-2017-010512
Trust: 0.8
db:CNNVDid:CNNVD-201711-1236
Trust: 0.7
db:CNVDid:CNVD-2017-36397
Trust: 0.6
db:VULHUBid:VHN-102839
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-36397 // 
            
            
            
            VULHUB: VHN-102839 // 
            
            
            
            BID: 102003 // 
            
            
            
            JVNDB: JVNDB-2017-010512 // 
            
            
            
            CNNVD: CNNVD-201711-1236 // 
            
            
            
            NVD: CVE-2017-12328

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-ipp
Trust: 2.6
url:http://www.securityfocus.com/bid/102003
Trust: 1.7
url:http://www.securitytracker.com/id/1039922
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12328
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12328
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-36397 // 
            
            
            
            VULHUB: VHN-102839 // 
            
            
            
            BID: 102003 // 
            
            
            
            JVNDB: JVNDB-2017-010512 // 
            
            
            
            CNNVD: CNNVD-201711-1236 // 
            
            
            
            NVD: CVE-2017-12328

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102003

SOURCES
db:CNVDid:CNVD-2017-36397
db:VULHUBid:VHN-102839
db:BIDid:102003
db:JVNDBid:JVNDB-2017-010512
db:CNNVDid:CNNVD-201711-1236
db:NVDid:CVE-2017-12328

LAST UPDATE DATE
2024-11-23T23:05:17.534000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-36397date:2017-12-06T00:00:00
db:VULHUBid:VHN-102839date:2019-10-09T00:00:00
db:BIDid:102003date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010512date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-1236date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12328date:2024-11-21T03:09:18.827

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-36397date:2017-12-06T00:00:00
db:VULHUBid:VHN-102839date:2017-11-30T00:00:00
db:BIDid:102003date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010512date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-1236date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12328date:2017-11-30T09:29:00.260