—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability

Advisory ID: cisco-sa-20171018-sip1

Revision: 1.0

For Public Release: 2017 October 18 16:00 GMT

Last Updated: 2017 October 18 16:00 GMT

CVE ID(s): CVE-2017-12260

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ53tQZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmQcQ//WixnKTOhM9Iy9BX2
Quw7woSyl6+ukT9nwVUNo4BgmPX9jU2SLKKmQVKRRn4ZL5MFGTa6DCgDGRo/WGrV
QZIVTA5hhQDhLAYAy8r/yqK3XUjy/ExI3LNWjh4iOjFFpbiZhh2xbWdLKOPWC1mG
4RGes8Dm3A5yQNvn708zm2CGSwCvGZhAPnkPs07bUEgRIqF7UG8Xwv+t2xbsGDXs
kpF3M6gTxUKIHqmu8OfrLFJAdkgYRvYBAPiswrFQNh3Nl/AFV8uT/SEHmMLJ7h3U
1Vw7MlMq0M7LU/1nVrEf0t5XkeJVme48OopsfnUgX1RFLcraFtqvu5ZGihAPenJd
mdT6gtiqXxXXGJvkQXc7YZn2aTHuXbTZ8/dNRFc3DAmSnPJ7jJb5OGjI7VMHDLeZ
49rogMSb4nr1YmhttnXCnzvIAjNg2Cozs6W+G34VZvYXrYOAwPDj51duhUMvfv7V
gW0JfvSYQcXqwIgXJG2dU8HSHgLGIQT73mNC3WJrjDA3IKjGKYAMV+OtSBrUs9W+
6LAjn6Fx+Bb23NLAMPwIe0wfCOtg6RcWQbCW6U2SfdQFP4rYoCxYT8Bj0LMxGtd2
jAcuqpyE12o6Qa7mabCwNWciYE6QmUxlCjHq3Jqt73jldClX7Pk1NQmVjAppi+Ph
xbWymYRYTgzKLxL9hrrQAtU0NLU=
=Cssw
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com