Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-0332

Опубликовано: 07 июн. 2018
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\(9.99002.1\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\(9.99002.1\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7912g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr3.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr3.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr4:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01409
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-gv4m-rwq2-3qhw

CVSS3: 7.5
github
больше 3 лет назад

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.

EPSS

Процентиль: 80%
0.01409
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399
NVD-CWE-noinfo