Sign-up

ID

VAR-201806-1001


CVE

CVE-2018-0316


TITLE

plural Cisco IP Phone Resource management vulnerabilities in product multi-platform firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-006128

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718. Vendors have confirmed this vulnerability Bug ID CSCvi24718 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. MultiplatformFirmware is one of a set of firewall software that supports multiple platforms. error. Error that occurs when a call is not answered

Trust: 2.25

sources: NVD: CVE-2018-0316 // JVNDB: JVNDB-2018-006128 // CNVD: CNVD-2018-11347 // VULHUB: VHN-118518

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11347

AFFECTED PRODUCTS

vendor:ciscomodel:ip phonescope:eqversion:11.1\(2\)

Trust: 1.6

vendor:ciscomodel:ip phonescope:ltversion:11.1(2)

Trust: 0.8

vendor:ciscomodel:ip phonescope:eqversion:8800

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:6800

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:7800

Trust: 0.6

sources: CNVD: CNVD-2018-11347 // JVNDB: JVNDB-2018-006128 // CNNVD: CNNVD-201806-399 // NVD: CVE-2018-0316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0316
value: HIGH

Trust: 1.0

NVD: CVE-2018-0316
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11347
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-399
value: HIGH

Trust: 0.6

VULHUB: VHN-118518
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0316
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11347
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118518
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0316
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11347 // VULHUB: VHN-118518 // JVNDB: JVNDB-2018-006128 // CNNVD: CNNVD-201806-399 // NVD: CVE-2018-0316

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-755

Trust: 1.1

sources: VULHUB: VHN-118518 // JVNDB: JVNDB-2018-006128 // NVD: CVE-2018-0316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-399

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201806-399

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006128

PATCH
title:cisco-sa-20180606-multiplatform-sipurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip
Trust: 0.8
title:Patch for Cisco IP Phone 6800, 7800, and 8800 Series Phones Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/131761
Trust: 0.6
title:Cisco IP Phone 6800 , 7800  and 8800 Series Phones Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80746
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11347 // 
            
            
            
            JVNDB: JVNDB-2018-006128 // 
            
            
            
            CNNVD: CNNVD-201806-399

EXTERNAL IDS
db:NVDid:CVE-2018-0316
Trust: 3.1
db:SECTRACKid:1041073
Trust: 1.7
db:JVNDBid:JVNDB-2018-006128
Trust: 0.8
db:CNNVDid:CNNVD-201806-399
Trust: 0.7
db:CNVDid:CNVD-2018-11347
Trust: 0.6
db:VULHUBid:VHN-118518
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11347 // 
            
            
            
            VULHUB: VHN-118518 // 
            
            
            
            JVNDB: JVNDB-2018-006128 // 
            
            
            
            CNNVD: CNNVD-201806-399 // 
            
            
            
            NVD: CVE-2018-0316

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-multiplatform-sip
Trust: 2.3
url:http://www.securitytracker.com/id/1041073
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0316
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0316
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-11347 // 
            
            
            
            VULHUB: VHN-118518 // 
            
            
            
            JVNDB: JVNDB-2018-006128 // 
            
            
            
            CNNVD: CNNVD-201806-399 // 
            
            
            
            NVD: CVE-2018-0316

SOURCES
db:CNVDid:CNVD-2018-11347
db:VULHUBid:VHN-118518
db:JVNDBid:JVNDB-2018-006128
db:CNNVDid:CNNVD-201806-399
db:NVDid:CVE-2018-0316

LAST UPDATE DATE
2024-11-23T23:12:07.006000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11347date:2018-06-12T00:00:00
db:VULHUBid:VHN-118518date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006128date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-399date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0316date:2024-11-21T03:37:57.850

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11347date:2018-06-12T00:00:00
db:VULHUBid:VHN-118518date:2018-06-07T00:00:00
db:JVNDBid:JVNDB-2018-006128date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-399date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0316date:2018-06-07T12:29:00.480