—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20180606-multiplatform-sip
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0316
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+———————————————————————
Summary
=======
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.
The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbGAZDXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczGjsP/iwxgGmFfKlk8gYg7DqdkJzpPJpq
NyPCkwv4W7Y522G097G46+2RaNsEzDsQI9X9QuN+c9dHmM/5b5LWKJPGAkUaB/Jv
enl4Y8oG+BruI81t3YxKzeRPTx7cQ9xVXJB9j9NQUOxsKcyYinMcLximzoqQJ/ji
Cz1lumojIqq3h/qNSksq8VcohGSjIbEcZQ93jK7eczWLSFzkLwJHK12cYXpivJtm
5Sm4Y2k2HIB89Hh11O4QMpprbF2SwnRnYKkLQwK4GfIW3086A4kCkMrS1wlpfmUo
7/PT61yvpRMzvFOvkDRqtEmhgYVIV7tweiLf2iMujHiqyP1G/2pT5PNHB6g8yKDl
Rxzln9blp9Bw7MJq43OgXAejBCp7+yFeibXpzPsEu1Wi9k+85S2kEMLkjGQRpYAO
EPwQwpHJ70Yo3KtRnKL73FT4Ki8dpRjQs08O2Uo+B0d3l9uQjCAIwZlAUNV1tUiU
xLWz/FehK5aU2gqyTJ2FTPiHdoakdtM3/2HnFc9PIbMfOOK0Amnn9RwDI7J9E+e4
hH91ZopgfzVql7+dVVGPpEpGoJgy4LFiTCHA7jTU8B8SKq/xIi75r/ezAg4XRrlA
VewxXcSjsP/gqKKvby22LFh7JMKKuPoaIcMIE92B9EP6wRbmaZVQexCv/1R542Yr
Q/vPBA5rfVZacMNt
=QrNY
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com