Denial of service in Cisco Systems, Inc products - CVE-2017-12219
Published: September 21, 2017
Vulnerability identifier: #VU8559
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12219
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Small Business SPA51x
Small Business SPA500
Small Business SPA300
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists in the handling of IP fragments on the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones: the devices are unable to handle many large IP fragments queued for reassembly within a short duration. A remote attacker can send a specially crafted stream of IP fragments and cause the device to reload unexpectedly.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-12219
Install the update from the vendor's website.