You are here
Home > Preporuke > Ranjivost Cisco IP telefona

Ranjivost Cisco IP telefona

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20180606-multiplatform-sip

Revision: 1.0

For Public Release: 2018 June 6 16:00 GMT

Last Updated: 2018 June 6 16:00 GMT

CVE ID(s): CVE-2018-0316

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.

The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbGAZDXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczGjsP/iwxgGmFfKlk8gYg7DqdkJzpPJpq
NyPCkwv4W7Y522G097G46+2RaNsEzDsQI9X9QuN+c9dHmM/5b5LWKJPGAkUaB/Jv
enl4Y8oG+BruI81t3YxKzeRPTx7cQ9xVXJB9j9NQUOxsKcyYinMcLximzoqQJ/ji
Cz1lumojIqq3h/qNSksq8VcohGSjIbEcZQ93jK7eczWLSFzkLwJHK12cYXpivJtm
5Sm4Y2k2HIB89Hh11O4QMpprbF2SwnRnYKkLQwK4GfIW3086A4kCkMrS1wlpfmUo
7/PT61yvpRMzvFOvkDRqtEmhgYVIV7tweiLf2iMujHiqyP1G/2pT5PNHB6g8yKDl
Rxzln9blp9Bw7MJq43OgXAejBCp7+yFeibXpzPsEu1Wi9k+85S2kEMLkjGQRpYAO
EPwQwpHJ70Yo3KtRnKL73FT4Ki8dpRjQs08O2Uo+B0d3l9uQjCAIwZlAUNV1tUiU
xLWz/FehK5aU2gqyTJ2FTPiHdoakdtM3/2HnFc9PIbMfOOK0Amnn9RwDI7J9E+e4
hH91ZopgfzVql7+dVVGPpEpGoJgy4LFiTCHA7jTU8B8SKq/xIi75r/ezAg4XRrlA
VewxXcSjsP/gqKKvby22LFh7JMKKuPoaIcMIE92B9EP6wRbmaZVQexCv/1R542Yr
Q/vPBA5rfVZacMNt
=QrNY
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorAndrej Sefic
Cert idNCERT-REF-2018-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivost Cisco ASA uređaju

Otkrivena je ranjivost na web sučelju Cisco ASA uređaja uzrokovana nedostatnom provjerom unešenog HTTP URL-a. Otkrivena ranjivost potencijalnim udaljenim neautenticiranim...

Close