{"containers": {"cna": {"affected": [{"product": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones"}]}], "datePublic": "2017-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-09-22T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa"}, {"name": "100926", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100926"}, {"name": "1039413", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039413"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12219", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones", "version": {"version_data": [{"version_value": "Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa"}, {"name": "100926", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100926"}, {"name": "1039413", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039413"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12219", "datePublished": "2017-09-21T05:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2017-09-22T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_301_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E955BFE-A202-492C-B0A2-1EC620806988", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CE3C04F-884C-4CD1-8503-DB60CCC1B1F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_303_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED774745-8D65-422A-888F-37D3E71C1682", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*", "matchCriteriaId": "F04B0F29-5620-4714-A151-7CDA2B9D8F2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_500ds_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8347D-0E1A-4E00-9E95-ADC376F867B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "37E3C90F-011D-454C-8E0C-92E72A6EFE1D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_500s_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C66A6032-B44B-486B-8522-6DB99314BDEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C72E35-F124-4D09-AA68-0678ACBA590D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_501g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "29312DC7-EFF2-4E17-A22B-76F5F8638E7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_502g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A481F1A9-4F99-4AB7-94B7-C7768370D4D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_504g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "07646977-B2A5-4311-9AFE-605FDC694855", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_508g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A002C4EF-8259-4896-A748-57412A8D3375", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_509g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "26E77DAF-E479-4F52-88A7-7189B326429D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_512g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A432C3A-C720-465E-9916-C329718BABCB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_514g_firmware:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "21EF3707-FE37-425B-9C0A-297CB62B28A0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*", "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586."}, {"lang": "es", "value": "Existe una vulnerabilidad en la gesti\u00f3n de los fragmentos de IP para Cisco Small Business SPA300, SPA500, y SPA51x Series IP Phones que podr\u00eda permitir a un atacante autenticado remoto provocar que el dispositivo recargue de manera inesperada, provocando una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la incapacidad para gestionar muchos fragmentos de IP largos para reensamblarlos en un espacio de tiempo peque\u00f1o. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de fragmentos de IP manipulados al dispositivo objetivo. Su explotaci\u00f3n podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio cuando el dispositivo recarga de manera inesperada. Cisco Bug IDs: CSCve82586."}], "id": "CVE-2017-12219", "lastModified": "2019-10-09T23:22:29.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-21T05:29:00.327", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100926"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039413"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}