cvelistv5 - cve-2017-12260

CVE-2017-12260 (GCVE-0-2017-12260)

Vulnerability from cvelistv5 – Published: 2017-10-19 08:00 – Updated: 2024-08-05 18:28

Summary

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.

Severity ?

No CVSS data available.

CWE

CWE-119

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/101495	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1039616	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones	Affected: Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101495"
          },
          {
            "name": "1039616",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039616"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones"
            }
          ]
        }
      ],
      "datePublic": "2017-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-20T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "101495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101495"
        },
        {
          "name": "1039616",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039616"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12260",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101495",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101495"
            },
            {
              "name": "1039616",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039616"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12260",
    "datePublished": "2017-10-19T08:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"3BDD5305-DBCE-44E2-8246-C45C9AF04A88\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A258316-4DB6-47AC-90C0-CB9EF777E151\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"B4B42E9A-3803-4359-8736-8629169F35F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5DF893E-7E9E-419B-8E7C-E846333646BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"2287FB05-3FDD-4B80-8537-67F80B851119\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"B6EE4CB0-E332-4261-B92A-F8DB1E571AA9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B26A21E-CD32-4DED-8A31-4CCA1C4DD642\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"241D9468-FB18-4E5F-B55C-04C4D2554E16\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A4373DD-753A-46A6-BB96-0488EA52157E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"B955A49C-EB75-428C-A7CC-AC58604B635B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBA0C4D-4BB6-455D-8355-F4FACC5D721C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"95DF4D27-49DC-4F57-9E3D-E28E5D23AFA0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97551DEA-85F9-4A38-A8AC-F477CB7ABC2C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.2\", \"matchCriteriaId\": \"B726AAE8-6556-48D9-ACB7-83538F9FE653\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADAD4489-26BB-4FF4-8D7A-0805CFDD0F31\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la implementaci\\u00f3n de la funcionalidad Session Initiation Protocol (SIP) en Cisco Small Business SPA50x, SPA51x y SPA52x Series IP Phones podr\\u00eda permitir que un atacante remoto sin autenticar haga que el dispositivo afectado no responda, lo que da como resultado una condici\\u00f3n de denegaci\\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto de los mensajes de petici\\u00f3n SIP por parte de un dispositivo afectado. Un atacante podr\\u00eda explotar esta vulnerabilidad utilizando especificadores formateados en un payload SIP que se env\\u00edan a un dispositivo afectado. Un exploit con \\u00e9xito, podr\\u00eda permitir que el atacante consiga que el dispositivo afectado no responda, lo que da como resultado una condici\\u00f3n de DoS que persista hasta que el dispositivo se reinicie manualmente. Esta vulnerabilidad afecta a Cisco Small Business SPA50x, SPA51x, y SPA52x Series IP Phones que ejecutan la distribuci\\u00f3n de firmware 7.6.2SR1 o anterior. Cisco Bug IDs: CSCvc63986.\"}]",
      "id": "CVE-2017-12260",
      "lastModified": "2024-11-21T03:09:11.170",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-19T08:29:00.310",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101495\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039616\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039616\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12260\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-10-19T08:29:00.310\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Session Initiation Protocol (SIP) en Cisco Small Business SPA50x, SPA51x y SPA52x Series IP Phones podr\u00eda permitir que un atacante remoto sin autenticar haga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto de los mensajes de petici\u00f3n SIP por parte de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando especificadores formateados en un payload SIP que se env\u00edan a un dispositivo afectado. Un exploit con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de DoS que persista hasta que el dispositivo se reinicie manualmente. Esta vulnerabilidad afecta a Cisco Small Business SPA50x, SPA51x, y SPA52x Series IP Phones que ejecutan la distribuci\u00f3n de firmware 7.6.2SR1 o anterior. Cisco Bug IDs: CSCvc63986.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"3BDD5305-DBCE-44E2-8246-C45C9AF04A88\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A258316-4DB6-47AC-90C0-CB9EF777E151\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"B4B42E9A-3803-4359-8736-8629169F35F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5DF893E-7E9E-419B-8E7C-E846333646BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"2287FB05-3FDD-4B80-8537-67F80B851119\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"B6EE4CB0-E332-4261-B92A-F8DB1E571AA9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B26A21E-CD32-4DED-8A31-4CCA1C4DD642\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"241D9468-FB18-4E5F-B55C-04C4D2554E16\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4373DD-753A-46A6-BB96-0488EA52157E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"B955A49C-EB75-428C-A7CC-AC58604B635B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBA0C4D-4BB6-455D-8355-F4FACC5D721C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"95DF4D27-49DC-4F57-9E3D-E28E5D23AFA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97551DEA-85F9-4A38-A8AC-F477CB7ABC2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.2\",\"matchCriteriaId\":\"B726AAE8-6556-48D9-ACB7-83538F9FE653\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADAD4489-26BB-4FF4-8D7A-0805CFDD0F31\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101495\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039616\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039616\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-372

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Nexus 9500 R-Series Line Cards et Fabric Modules
Cisco	N/A	Nexus 5500 Platform Switches
Cisco	N/A	Firepower 9300 Security Appliance
Cisco	N/A	UCS 6200 Series Fabric Interconnects
Cisco	N/A	Nexus 6000 Series Switches
Cisco	N/A	Nexus 7000 Series Switches
Cisco	N/A	Nexus 1100 Series Cloud Services Platforms
Cisco	Small Business	Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou antérieure
Cisco	N/A	Nexus 7700 Series Switches
Cisco	N/A	UCS 6300 Series Fabric Interconnects
Cisco	N/A	Nexus 3500 Platform Switches
Cisco	N/A	Nexus 5600 Platform Switches
Cisco	N/A	Nexus 1000V Series Switches
Cisco	N/A	Multilayer Director Switches
Cisco	N/A	Unified Computing System (UCS) 6100 Series Fabric Interconnects
Cisco	NX-OS	Nexus 9000 Series Switches en mode NX-OS
Cisco	N/A	Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2
Cisco	N/A	Nexus 5000 Series Switches
Cisco	N/A	Nexus 3000 Series Switches
Cisco	N/A	Firepower 4100 Series Next-Generation Firewall
Cisco	N/A	Nexus 2000 Series Switches

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20171018-ccs du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-sip1 du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-sip du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-aaavty du 18 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nexus 9500 R-Series Line Cards et Fabric Modules",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5500 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 9300 Security Appliance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "UCS 6200 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 6000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 7000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 1100 Series Cloud Services Platforms",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou ant\u00e9rieure",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 7700 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "UCS 6300 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 3500 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5600 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 1000V Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Multilayer Director Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Computing System (UCS) 6100 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 9000 Series Switches en mode NX-OS",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 3000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4100 Series Next-Generation Firewall",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 2000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-12259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12259"
    },
    {
      "name": "CVE-2017-12260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12260"
    },
    {
      "name": "CVE-2017-12251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12251"
    },
    {
      "name": "CVE-2017-3883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3883"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-372",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-ccs du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip1 du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-aaavty du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
    }
  ]
}

CERTFR-2017-AVI-372

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Nexus 9500 R-Series Line Cards et Fabric Modules
Cisco	N/A	Nexus 5500 Platform Switches
Cisco	N/A	Firepower 9300 Security Appliance
Cisco	N/A	UCS 6200 Series Fabric Interconnects
Cisco	N/A	Nexus 6000 Series Switches
Cisco	N/A	Nexus 7000 Series Switches
Cisco	N/A	Nexus 1100 Series Cloud Services Platforms
Cisco	Small Business	Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou antérieure
Cisco	N/A	Nexus 7700 Series Switches
Cisco	N/A	UCS 6300 Series Fabric Interconnects
Cisco	N/A	Nexus 3500 Platform Switches
Cisco	N/A	Nexus 5600 Platform Switches
Cisco	N/A	Nexus 1000V Series Switches
Cisco	N/A	Multilayer Director Switches
Cisco	N/A	Unified Computing System (UCS) 6100 Series Fabric Interconnects
Cisco	NX-OS	Nexus 9000 Series Switches en mode NX-OS
Cisco	N/A	Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2
Cisco	N/A	Nexus 5000 Series Switches
Cisco	N/A	Nexus 3000 Series Switches
Cisco	N/A	Firepower 4100 Series Next-Generation Firewall
Cisco	N/A	Nexus 2000 Series Switches

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20171018-ccs du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-sip1 du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-sip du 18 octobre 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20171018-aaavty du 18 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nexus 9500 R-Series Line Cards et Fabric Modules",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5500 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 9300 Security Appliance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "UCS 6200 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 6000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 7000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 1100 Series Cloud Services Platforms",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou ant\u00e9rieure",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 7700 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "UCS 6300 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 3500 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5600 Platform Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 1000V Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Multilayer Director Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Computing System (UCS) 6100 Series Fabric Interconnects",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 9000 Series Switches en mode NX-OS",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 5000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 3000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4100 Series Next-Generation Firewall",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 2000 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-12259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12259"
    },
    {
      "name": "CVE-2017-12260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12260"
    },
    {
      "name": "CVE-2017-12251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12251"
    },
    {
      "name": "CVE-2017-3883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3883"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-372",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-ccs du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip1 du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-aaavty du 18 octobre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
    }
  ]
}

CNVD-2017-32353

Vulnerability from cnvd - Published: 2017-11-02

Title

Cisco Small Business SPA50x、SPA51x和SPA52x Series IP Phones拒绝服务漏洞

Description

Cisco Small Business SPA50x、SPA51x和SPA52x Series IP Phones都是美国思科（Cisco）公司的IP电话产品。 Cisco Small Business SPA50x、SPA51x和SPA52x Series IP Phones中的Session Initiation Protocol (SIP)功能的实现存在拒绝服务漏洞，该漏洞源于程序未能正确的处理SIP请求消息。远程攻击者可通过向受影响设备上发送带有格式化字符串的SIP载荷利用该漏洞造成拒绝服务（无法响应）。

Severity

中

Patch Name

Cisco Small Business SPA50x、SPA51x和SPA52x Series IP Phones拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1 http://www.securityfocus.com/bid/101495

Impacted products

Name
['Cisco Small Business SPA50x Series IP Phones', 'Cisco Small Business SPA51x Series IP Phones', 'Cisco Small Business SPA52x Series IP Phones']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12260"
    }
  },
  "description": "Cisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684IP\u7535\u8bdd\u4ea7\u54c1\u3002\r\n\r\nCisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u4e2d\u7684Session Initiation Protocol (SIP)\u529f\u80fd\u7684\u5b9e\u73b0\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406SIP\u8bf7\u6c42\u6d88\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u53d1\u9001\u5e26\u6709\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u7684SIP\u8f7d\u8377\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u6cd5\u54cd\u5e94\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32353",
  "openTime": "2017-11-02",
  "patchDescription": "Cisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684IP\u7535\u8bdd\u4ea7\u54c1\u3002\r\n\r\nCisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u4e2d\u7684Session Initiation Protocol (SIP)\u529f\u80fd\u7684\u5b9e\u73b0\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406SIP\u8bf7\u6c42\u6d88\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u53d1\u9001\u5e26\u6709\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u7684SIP\u8f7d\u8377\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u6cd5\u54cd\u5e94\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Small Business SPA50x Series IP Phones",
      "Cisco Small Business SPA51x Series IP Phones",
      "Cisco Small Business SPA52x Series IP Phones"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1\r\nhttp://www.securityfocus.com/bid/101495",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-19",
  "title": "Cisco Small Business SPA50x\u3001SPA51x\u548cSPA52x Series IP Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-X6RW-M9V7-FF3G

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-19T08:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.",
  "id": "GHSA-x6rw-m9v7-ff3g",
  "modified": "2022-05-13T01:38:00Z",
  "published": "2022-05-13T01:38:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12260"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101495"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039616"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-12260

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12260

Aliases

CVE-2017-12260

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12260",
    "description": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.",
    "id": "GSD-2017-12260"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12260"
      ],
      "details": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.",
      "id": "GSD-2017-12260",
      "modified": "2023-12-13T01:21:04.151350Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-12260",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-119"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101495",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101495"
          },
          {
            "name": "1039616",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039616"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12260"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
            },
            {
              "name": "1039616",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039616"
            },
            {
              "name": "101495",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101495"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:22Z",
      "publishedDate": "2017-10-19T08:29Z"
    }
  }
}

FKIE_CVE-2017-12260

Vulnerability from fkie_nvd - Published: 2017-10-19 08:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/101495	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039616	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101495	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039616	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	spa_501g_firmware	*
cisco	spa_501g	-
cisco	spa_502g_firmware	*
cisco	spa_502g	-
cisco	spa_504g_firmware	*
cisco	spa_504g	-
cisco	spa_508g_firmware	*
cisco	spa_508g	-
cisco	spa_509g_firmware	*
cisco	spa_509g	-
cisco	spa_512g_firmware	*
cisco	spa_512g	-
cisco	spa_514g_firmware	*
cisco	spa_514g	-
cisco	spa_525g_firmware	*
cisco	spa_525g	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "3BDD5305-DBCE-44E2-8246-C45C9AF04A88",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "B4B42E9A-3803-4359-8736-8629169F35F5",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "2287FB05-3FDD-4B80-8537-67F80B851119",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "B6EE4CB0-E332-4261-B92A-F8DB1E571AA9",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "241D9468-FB18-4E5F-B55C-04C4D2554E16",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "B955A49C-EB75-428C-A7CC-AC58604B635B",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "95DF4D27-49DC-4F57-9E3D-E28E5D23AFA0",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "B726AAE8-6556-48D9-ACB7-83538F9FE653",
              "versionEndIncluding": "7.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAD4489-26BB-4FF4-8D7A-0805CFDD0F31",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Session Initiation Protocol (SIP) en Cisco Small Business SPA50x, SPA51x y SPA52x Series IP Phones podr\u00eda permitir que un atacante remoto sin autenticar haga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto de los mensajes de petici\u00f3n SIP por parte de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando especificadores formateados en un payload SIP que se env\u00edan a un dispositivo afectado. Un exploit con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de DoS que persista hasta que el dispositivo se reinicie manualmente. Esta vulnerabilidad afecta a Cisco Small Business SPA50x, SPA51x, y SPA52x Series IP Phones que ejecutan la distribuci\u00f3n de firmware 7.6.2SR1 o anterior. Cisco Bug IDs: CSCvc63986."
    }
  ],
  "id": "CVE-2017-12260",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T08:29:00.310",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101495"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039616"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201710-0640

Vulnerability from variot - Updated: 2023-12-18 13:29

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0640",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa 514g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 508g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 501g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 509g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 512g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 504g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 525g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 502g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa50x series ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa51x series ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa52x series ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 512g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 508g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 501g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 509g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 504g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 514g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa 502g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business spa500 series ip phones 7.6 sr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "BID",
        "id": "101495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "101495"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-12260",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12260",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-32353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-102765",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12260",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12260",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-32353",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-887",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-102765",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986. Vendors have confirmed this vulnerability Bug ID CSCvc63986 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "BID",
        "id": "101495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12260",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "101495",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1039616",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "db": "BID",
        "id": "101495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "id": "VAR-201710-0640",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      }
    ],
    "trust": 1.5108974325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:09.428000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20171018-sip1",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-sip1"
      },
      {
        "title": "Patch for CiscoSmallBusinessSPA50x, SPA51x, and SPA52xSeriesIPPhones Denial of Service Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/105205"
      },
      {
        "title": "Cisco Small Business SPA50x , SPA51x  and SPA52x Series IP Phones Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75869"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-sip1"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/101495"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039616"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12260"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12260"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "db": "BID",
        "id": "101495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "db": "BID",
        "id": "101495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "date": "2017-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "date": "2017-10-18T00:00:00",
        "db": "BID",
        "id": "101495"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "date": "2017-10-19T08:29:00.310000",
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32353"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102765"
      },
      {
        "date": "2017-10-18T00:00:00",
        "db": "BID",
        "id": "101495"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      },
      {
        "date": "2019-10-09T23:22:46.230000",
        "db": "NVD",
        "id": "CVE-2017-12260"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business IP Phone Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009473"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-887"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12260 (GCVE-0-2017-12260)

CERTFR-2017-AVI-372

Solution

CERTFR-2017-AVI-372

Solution

CNVD-2017-32353

GHSA-X6RW-M9V7-FF3G

GSD-2017-12260

FKIE_CVE-2017-12260

VAR-201710-0640

Tags

Sightings

Nomenclature