Main Vulnerability Database SB2017092106

SB2017092106 - Denial of service in Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones

Published: September 21, 2017

Security Bulletin ID SB2017092106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2017-12219)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones due to the inability to handle many large IP fragments for reassembly in a short duration. A remote attacker can send a specially crafted stream of IP fragments and cause the device to reload unexpectedly.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa

SB2017092106 - Denial of service in Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones

Breakdown by Severity

Description

Remediation

References

Please verify you're human