A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104445 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041074 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2018-06-07T21:00:00
Updated: 2018-06-14T09:57:01
Reserved: 2017-11-27T00:00:00
Link: CVE-2018-0332
JSON object: View
NVD Information
Status : Modified
Published: 2018-06-07T21:29:00.400
Modified: 2019-10-09T23:31:47.740
Link: CVE-2018-0332
JSON object: View
Redhat Information
No data.