Improper input validation in Cisco Systems, Inc products - CVE-2018-0332

 

Published: June 7, 2018


Vulnerability identifier: #VU13227
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0332
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Unified IP Phone 6900 Series
Cisco Unified IP Phones 9900 Series
Cisco Unified IP Phone 7900 Series
Cisco 8800 Series IP Phones
Cisco 7800 Series IP Phones

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software due to a lack of flow-control mechanisms in the software. A remote attacker can send high volumes of SIP INVITE traffic and cause a disruption of services on the targeted IP phone.
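
The issue is triggered by INVITE volume rather than by a malformed message, so it shows up in monitoring as a per-phone request rate. The following is an added example, not part of the original advisory or of any Cisco tooling: it counts SIP INVITE requests per destination phone in a sliding window. The log line format, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed log format (an assumption, not a Cisco format):
#   <epoch seconds> <source IP> -> <destination IP> <SIP request line>
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>\S+) -> (?P<dst>\S+) "
    r"(?P<method>[A-Z]+) \S+ SIP/2\.0$"
)

def detect_invite_floods(lines, window=1.0, threshold=20):
    """Return {phone_ip: peak INVITE count in any `window` seconds}
    for phones whose peak exceeds `threshold`. Both values are
    illustrative assumptions; tune them to the site's call volume.
    Lines must be in time order for each destination."""
    recent = defaultdict(deque)   # phone IP -> timestamps inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "INVITE":
            continue              # only INVITE requests count toward the rate
        ts, dst = float(m["ts"]), m["dst"]
        q = recent[dst]
        q.append(ts)
        while ts - q[0] >= window:  # drop timestamps that left the window
            q.popleft()
        peak[dst] = max(peak[dst], len(q))
    return {dst: n for dst, n in peak.items() if n > threshold}

def sample_log():
    """Constructed log lines: a burst at one phone, normal calls at another."""
    burst = [f"{1000 + i * 0.01:.2f} 198.51.100.7 -> 10.0.20.15 "
             f"INVITE sip:1001@10.0.20.15 SIP/2.0" for i in range(60)]
    normal = [f"{1000 + i * 5:.2f} 10.0.20.1 -> 10.0.20.16 "
              f"INVITE sip:1002@10.0.20.16 SIP/2.0" for i in range(5)]
    other = ["1000.50 10.0.20.1 -> 10.0.20.16 "
             "OPTIONS sip:1002@10.0.20.16 SIP/2.0"]
    return burst + normal + other

if __name__ == "__main__":
    for phone, count in detect_invite_floods(sample_log()).items():
        print(f"{phone}: {count} INVITEs within 1 s")
```
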


How to mitigate CVE-2018-0332

No release planned to fix this bug.
