—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability

Advisory ID: cisco-sa-20171018-sip

Revision: 1.0

For Public Release: 2017 October 18 16:00 GMT

Last Updated: 2017 October 18 16:00 GMT

CVE ID(s): CVE-2017-12259

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ53tOZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkikQ/8DrhZbod6YPdz8rWa
SIpHctX9cvl5oHviwwIVd0a08W/c8yEoPX3QxmJk14ePZIpcSVg58eUhhQSd9gBN
y6OkNFux7EtL35ShfLHGxKdN08Fx4z5bREzXrrqnWL7X71TRDmSRPr3h2OL+SEod
JwT3YP2zL7sxqzFRr9WyUmugzHuhUGQPCMcuoosz50mmzqn71b6RUitMpKP1RlJX
LV9c4S0So0GPfs7v5xEsksePZbsb/VVNWbAkQ33NrUYBOwJ+n6Ot3FXUJBD12NF+
m501Fgh89kZt+cjhJv3EQ0usvIXwUqh8IoATWboAQQpmXqUkFVWjV/YgT907DjJC
fR+II6xUM46u37GzNadWa5BxUMrEWAW3LAxz1pgKbuxCpCieibHoES+CAeyiVHgs
jTTlBnSXt7R0zeaX8HCe2P4oFLHzLXjuqm1Yl4iYHrn2xhMd4iE617WwXxz08r7d
IAug3pddqE0rAgzleHPuMVrEzxd0+Pj2Q6+OrvCzydzqUl5Q2ADF6IGK3hcCb4QC
5+R/zrEXTKsADKQBHLIzp9Iuh+gSPrvZi8pbkG8egmigHPekDgM/Y0+cIXcM3XLE
emAd13MqJ2TSp27BCd0HEed/qwk1J7lwEDf4XUoYP7bVAPiUF1SEKfFOZ9Asek57
Lu33xQYp3nSGkIxEQxICX5UNsRc=
=Qj36
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com