CVE-2017-12328
MEDIUMCisco IP Phone 8800 Series - Denial of Service via Malformed SIP Packet Header
Title source: llmDescription
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039922
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102003
Scores
CVSS v3
5.8
EPSS
0.0213
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (2)
cisco/ip_phone_8800_series_firmware
11.0\(0.1\)
n/a/Cisco IP Phone 8800 Series
Cisco IP Phone 8800 Series
Published
Nov 30, 2017
Tracked Since
Feb 18, 2026