Sign-up

ID

VAR-201805-0508


CVE

CVE-2018-0325


TITLE

Cisco IP Phone 7800 Series and IP Phone 8800 Input validation vulnerability in the series

Trust: 0.8

sources: JVNDB: JVNDB-2018-005422

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066. Vendors have confirmed this vulnerability Bug ID CSCvf40066 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users

Trust: 2.52

sources: NVD: CVE-2018-0325 // JVNDB: JVNDB-2018-005422 // CNVD: CNVD-2018-11288 // BID: 104202 // VULHUB: VHN-118527

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11288

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8800scope:eqversion:10.3\(1\)sr4

Trust: 1.6

vendor:ciscomodel:ip phone 8800scope:eqversion:9.4\(2\)sr4

Trust: 1.6

vendor:ciscomodel:ip phone 7800scope:ltversion:12.1\(1.12\)

Trust: 1.0

vendor:ciscomodel:ip phone 7800scope:ltversion:12.1\(1\)mn130

Trust: 1.0

vendor:ciscomodel:ip series phonesscope:eqversion:78000

Trust: 0.9

vendor:ciscomodel:ip phone 7800 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8800 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:series ip phones nonescope:eqversion:8800

Trust: 0.6

vendor:ciscomodel:series ip phonesscope:eqversion:88000

Trust: 0.3

sources: CNVD: CNVD-2018-11288 // BID: 104202 // JVNDB: JVNDB-2018-005422 // CNNVD: CNNVD-201805-622 // NVD: CVE-2018-0325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0325
value: HIGH

Trust: 1.0

NVD: CVE-2018-0325
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11288
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-622
value: HIGH

Trust: 0.6

VULHUB: VHN-118527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0325
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11288
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118527
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0325
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11288 // VULHUB: VHN-118527 // JVNDB: JVNDB-2018-005422 // CNNVD: CNNVD-201805-622 // NVD: CVE-2018-0325

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118527 // JVNDB: JVNDB-2018-005422 // NVD: CVE-2018-0325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-622

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104202 // CNNVD: CNNVD-201805-622

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005422

PATCH
title:cisco-sa-20180516-ip-phone-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos
Trust: 0.8
title:Patch for CiscoIPPhone8800Series and IPPhone7800Series Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/131685
Trust: 0.6
title:Cisco IP Phone 7800 Series  and Cisco IP Phone 8800 Series Input validation vulnerability Repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83547
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11288 // 
            
            
            
            JVNDB: JVNDB-2018-005422 // 
            
            
            
            CNNVD: CNNVD-201805-622

EXTERNAL IDS
db:NVDid:CVE-2018-0325
Trust: 3.4
db:BIDid:104202
Trust: 2.6
db:SECTRACKid:1040927
Trust: 1.7
db:JVNDBid:JVNDB-2018-005422
Trust: 0.8
db:CNVDid:CNVD-2018-11288
Trust: 0.6
db:CNNVDid:CNNVD-201805-622
Trust: 0.6
db:VULHUBid:VHN-118527
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11288 // 
            
            
            
            VULHUB: VHN-118527 // 
            
            
            
            BID: 104202 // 
            
            
            
            JVNDB: JVNDB-2018-005422 // 
            
            
            
            CNNVD: CNNVD-201805-622 // 
            
            
            
            NVD: CVE-2018-0325

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-ip-phone-dos
Trust: 2.6
url:http://www.securityfocus.com/bid/104202
Trust: 1.7
url:http://www.securitytracker.com/id/1040927
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0325
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0325
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-11288 // 
            
            
            
            VULHUB: VHN-118527 // 
            
            
            
            BID: 104202 // 
            
            
            
            JVNDB: JVNDB-2018-005422 // 
            
            
            
            CNNVD: CNNVD-201805-622 // 
            
            
            
            NVD: CVE-2018-0325

CREDITS
Mozilla
Trust: 0.3
sources:
            
            
            BID: 104202

SOURCES
db:CNVDid:CNVD-2018-11288
db:VULHUBid:VHN-118527
db:BIDid:104202
db:JVNDBid:JVNDB-2018-005422
db:CNNVDid:CNNVD-201805-622
db:NVDid:CVE-2018-0325

LAST UPDATE DATE
2024-11-23T22:06:50.401000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11288date:2018-06-12T00:00:00
db:VULHUBid:VHN-118527date:2019-10-09T00:00:00
db:BIDid:104202date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005422date:2018-07-17T00:00:00
db:CNNVDid:CNNVD-201805-622date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0325date:2024-11-21T03:37:58.917

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11288date:2018-06-12T00:00:00
db:VULHUBid:VHN-118527date:2018-05-17T00:00:00
db:BIDid:104202date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005422date:2018-07-17T00:00:00
db:CNNVDid:CNNVD-201805-622date:2018-05-18T00:00:00
db:NVDid:CVE-2018-0325date:2018-05-17T03:29:00.810