A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01409.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a Cisco Unified IP Phone Software unknown affected
Version Status Constraints
Cisco Unified IP Phone Software unknown affected

Configuration 1 [-]

AND
cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\(9.99002.1\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\(9.99002.1\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7912g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr3.1:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr3.1:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:cisco:ip_phone_firmware:9.4\(2\)sr4:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Cisco Subscribe
Ip Phone 7811 Subscribe
Ip Phone 7821 Subscribe
Ip Phone 7841 Subscribe
Ip Phone 7861 Subscribe
Ip Phone 8811 Subscribe
Ip Phone 8841 Subscribe
Ip Phone 8845 Subscribe
Ip Phone 8851 Subscribe
Ip Phone 8861 Subscribe
Ip Phone 8865 Subscribe
Ip Phone Firmware Subscribe
Unified Ip Phone 7906g Subscribe
Unified Ip Phone 7911g Subscribe
Unified Ip Phone 7912g Subscribe
Unified Ip Phone 7931g Subscribe
Unified Ip Phone 7940g Subscribe
Unified Ip Phone 7941g Subscribe
Unified Ip Phone 7942g Subscribe
Unified Ip Phone 7945g Subscribe
Unified Ip Phone 7960g Subscribe
Unified Ip Phone 7961g Subscribe
Unified Ip Phone 7962g Subscribe
Unified Ip Phone 7965g Subscribe
Unified Ip Phone 7975g Subscribe
Unified Ip Phone 9951 Subscribe
Unified Ip Phone 9971 Subscribe
Unified Ip Phone Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2018-1155 A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.securityfocus.com/bid/104445 cve-icon cve-icon
http://www.securitytracker.com/id/1041074 cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos cve-icon cve-icon
History

Fri, 29 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-29T15:05:00.083Z

Reserved: 2017-11-27T00:00:00.000Z

Link: CVE-2018-0332

cve-icon Vulnrichment

Updated: 2024-08-05T03:21:15.586Z

cve-icon NVD

Status : Modified

Published: 2018-06-07T21:29:00.400

Modified: 2024-11-21T03:37:59.870

Link: CVE-2018-0332

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses