SB2018060717 - Denial of service in Cisco IP Phones
Published: June 7, 2018
Security Bulletin ID
SB2018060717
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Error handling (CVE-ID: CVE-2018-0316)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware due to improper handling of errors that could occur when an incoming phone call is not answered. A remote attacker can send a set of maliciously crafted SIP packets and cause the affected phone to reload unexpectedly.
Remediation
Install update from vendor's website.