CVE-2018-0325 - OpenCVE

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Ip Phone 8800 Ip Phone 7800 Ip Phone 7800 Firmware Ip Phone 8800 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8800_firmware:9.4\(2\)sr4:::::::*
	cpe:2.3:o:cisco:ip_phone_8800_firmware:10.3\(1\)sr4:::::::*

cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/104202	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040927	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-05-17T03:00:00

Updated: 2018-05-19T09:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0325

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-17T03:29:00.810

Modified: 2019-10-09T23:31:46.537

Link: CVE-2018-0325

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Cisco IP Phone 7800 Series and 8800 Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IP Phone 7800 Series and 8800 Series"}]}], "datePublic": "2018-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-19T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1040927", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040927"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos"}, {"name": "104202", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104202"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0325", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IP Phone 7800 Series and 8800 Series", "version": {"version_data": [{"version_value": "Cisco IP Phone 7800 Series and 8800 Series"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "1040927", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040927"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos"}, {"name": "104202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104202"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0325", "datePublished": "2018-05-17T03:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-05-19T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8800_firmware:9.4\\(2\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "0F47D1FC-4F02-4118-B9A8-CEAC06A9FAEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_firmware:10.3\\(1\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "F63E0334-2895-410E-BCE9-95A73825AF8F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1BBEA07-3154-4270-B865-D4AD26EB3B42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D16986-6C5D-4DF1-8B4C-107D7E715C62", "versionEndExcluding": "12.1\\(1.12\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF03D5F2-0483-409B-90F0-A1430774A258", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B88BCB29-F97D-4CEE-B350-CC74F5046E66", "versionEndExcluding": "12.1\\(1\\)mn130", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF03D5F2-0483-409B-90F0-A1430774A258", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de gesti\u00f3n de llamadas SIP (Session Initiation Protocol) de los tel\u00e9fonos Session Initiation Protocol de las series 7800 y 8800 podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en un tel\u00e9fono afectado. La vulnerabilidad se debe a la validaci\u00f3n de entradas incorrecta de los par\u00e1metros SIP Session Description Protocol (SDP) mediante el analizador SDP de un tel\u00e9fono afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una un paquete SIP mal formado al tel\u00e9fono afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque que todas las llamadas de tel\u00e9fono activas en el tel\u00e9fono afectado se cuelguen mientras el proceso SIP se reinicia inesperadamente, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Cisco Bug IDs: CSCvf40066."}], "id": "CVE-2018-0325", "lastModified": "2019-10-09T23:31:46.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-17T03:29:00.810", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104202"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040927"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}