ID

VAR-201806-1012


CVE

CVE-2018-0332


TITLE

Cisco Unified IP Phone Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006089

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945. Cisco Unified IP Phone software contains a resource management vulnerability. The vendor has published this vulnerability as Bug IDs CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, and CSCve20945. The affected device may be placed in a denial-of-service (DoS) state. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Trust: 2.52

sources: NVD: CVE-2018-0332 // JVNDB: JVNDB-2018-006089 // CNVD: CNVD-2018-11305 // BID: 104445 // VULHUB: VHN-118534

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11305

AFFECTED PRODUCTS

vendor: cisco, model: ip phone, scope: eq, version: 9.4(2)sr4

Trust: 1.6

vendor: cisco, model: ip phone, scope: eq, version: 9.4(2)sr3.1

Trust: 1.6

vendor: cisco, model: unified ip phone, scope: eq, version: 9.9(9.99002.1)

Trust: 1.6

vendor: cisco, model: ip phone, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified ip phone, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified ip phone none, scope: -, version: -

Trust: 0.6

vendor: cisco, model: unified ip phone software, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2018-11305 // BID: 104445 // JVNDB: JVNDB-2018-006089 // CNNVD: CNNVD-201806-372 // NVD: CVE-2018-0332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0332
value: HIGH

Trust: 1.0

NVD: CVE-2018-0332
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11305
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-372
value: HIGH

Trust: 0.6

VULHUB: VHN-118534
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0332
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118534
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0332
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11305 // VULHUB: VHN-118534 // JVNDB: JVNDB-2018-006089 // CNNVD: CNNVD-201806-372 // NVD: CVE-2018-0332

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118534 // JVNDB: JVNDB-2018-006089 // NVD: CVE-2018-0332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-372

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201806-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006089

PATCH

title: cisco-sa-20180606-ip-phone-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos

Trust: 0.8

title: Patch for Cisco Unified IPPhone Software Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/131695

Trust: 0.6

sources: CNVD: CNVD-2018-11305 // JVNDB: JVNDB-2018-006089

EXTERNAL IDS

db: NVD, id: CVE-2018-0332

Trust: 3.4

db: BID, id: 104445

Trust: 2.0

db: SECTRACK, id: 1041074

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006089

Trust: 0.8

db: CNNVD, id: CNNVD-201806-372

Trust: 0.7

db: CNVD, id: CNVD-2018-11305

Trust: 0.6

db: VULHUB, id: VHN-118534

Trust: 0.1

sources: CNVD: CNVD-2018-11305 // VULHUB: VHN-118534 // BID: 104445 // JVNDB: JVNDB-2018-006089 // CNNVD: CNNVD-201806-372 // NVD: CVE-2018-0332

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-ip-phone-dos

Trust: 2.6

url:http://www.securityfocus.com/bid/104445

Trust: 1.7

url:http://www.securitytracker.com/id/1041074

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0332

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0332

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-11305 // VULHUB: VHN-118534 // BID: 104445 // JVNDB: JVNDB-2018-006089 // CNNVD: CNNVD-201806-372 // NVD: CVE-2018-0332

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104445

SOURCES

db: CNVD, id: CNVD-2018-11305
db: VULHUB, id: VHN-118534
db: BID, id: 104445
db: JVNDB, id: JVNDB-2018-006089
db: CNNVD, id: CNNVD-201806-372
db: NVD, id: CVE-2018-0332

LAST UPDATE DATE

2024-11-23T22:55:51.872000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-11305, date: 2018-06-12T00:00:00
db: VULHUB, id: VHN-118534, date: 2019-10-09T00:00:00
db: BID, id: 104445, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006089, date: 2018-08-07T00:00:00
db: CNNVD, id: CNNVD-201806-372, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0332, date: 2024-11-21T03:37:59.870

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-11305, date: 2018-06-12T00:00:00
db: VULHUB, id: VHN-118534, date: 2018-06-07T00:00:00
db: BID, id: 104445, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006089, date: 2018-08-07T00:00:00
db: CNNVD, id: CNNVD-201806-372, date: 2018-06-08T00:00:00
db: NVD, id: CVE-2018-0332, date: 2018-06-07T21:29:00.400