CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
EPSS
Percentile
85.0%
A vulnerability in Session Initiation Protocol (SIP) header processing of Cisco fourth-generation IP phones could allow an unauthenticated, remote attacker to cause the IP phone to unregister.
The vulnerability is due to improper SIP header processing. An attacker could exploit this vulnerability by sending a crafted SIP header to the affected phone. An exploit could allow the attacker to force the IP phone to unregister.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks to send a crafted SIP header to a targeted phone. This access requirement may reduce the likelihood of a successful attack.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_ip_phones_9900_series_firmware | any | cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:any:*:*:*:*:*:*:* |
cisco | unified_ip_phones_9951_firmware | 9900_series_firmware | cpe:2.3:o:cisco:unified_ip_phones_9951_firmware:9900_series_firmware:*:*:*:*:*:*:* |