Lucene search

[email protected]CVE-2017-12219

HistorySep 21, 2017 - 5:29 a.m.

CVE-2017-12219

2017-09-2105:29:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2017-12219

cisco

small business

spa300

spa500

spa51x

ip phones

vulnerability

denial of service

dos

exploit

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.

Affected configurations

NVD

Node

ciscospa_301_firmwareMatch7.6.2

AND

ciscospa_301Match-

Node

ciscospa_303_firmwareMatch7.6.2

AND

ciscospa_303Match-

Node

ciscospa_500ds_firmwareMatch7.6.2

AND

ciscospa_500dsMatch-

Node

ciscospa_500s_firmwareMatch7.6.2

AND

ciscospa_500sMatch-

Node

ciscospa_501g_firmwareMatch7.6.2

AND

ciscospa_501gMatch-

Node

ciscospa_502g_firmwareMatch7.6.2

AND

ciscospa_502gMatch-

Node

ciscospa_504g_firmwareMatch7.6.2

AND

ciscospa_504gMatch-

Node

ciscospa_508g_firmwareMatch7.6.2

AND

ciscospa_508gMatch-

Node

ciscospa_509g_firmwareMatch7.6.2

AND

ciscospa_509gMatch-

Node

ciscospa_512g_firmwareMatch7.6.2

AND

ciscospa_512gMatch-

Node

ciscospa_514g_firmwareMatch7.6.2

AND

ciscospa_514gMatch-

CPENameOperatorVersion
cisco:spa_301_firmwarecisco spa 301 firmwareeq7.6.2

CPE	Name	Operator	Version
cisco:spa_301_firmware	cisco spa 301 firmware	eq	7.6.2

CNA Affected

[
  {
    "product": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100926

www.securitytracker.com/id/1039413

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2017-12219

cvelist1 prion1 nvd1 cisco1