Error handling in Cisco Systems, Inc products - CVE-2018-0316
Published: June 6, 2018 / Updated: June 7, 2018
Vulnerability identifier: #VU13225
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0316
CWE-ID: CWE-388
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco 8800 Series IP Phones
Cisco 7800 Series IP Phones
Cisco 6800 Series IP Phones
Cisco 8800 Series IP Phones
Cisco 7800 Series IP Phones
Cisco 6800 Series IP Phones
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware due to improper handling of errors that could occur when an incoming phone call is not answered. A remote attacker can send a set of maliciously crafted SIP packets and cause the affected phone to reload unexpectedly.
How to mitigate CVE-2018-0316
Update to version 11.1(2).