ID

VAR-201710-0638


CVE

CVE-2017-12259


TITLE

Cisco Small Business SPA51x series IP Phone Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009472

DESCRIPTION

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc63982. Service operation may be interrupted (DoS). An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Trust: 2.52

sources: NVD: CVE-2017-12259 // JVNDB: JVNDB-2017-009472 // CNVD: CNVD-2017-32354 // BID: 101488 // VULHUB: VHN-102763

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32354

AFFECTED PRODUCTS

vendor: cisco // model: small business ip phone // scope: lte // version: 7.6.2

Trust: 1.0

vendor: cisco // model: small business ip phone // scope: - // version: -

Trust: 0.8

vendor: cisco // model: small business spa51x series ip phones // scope: - // version: -

Trust: 0.6

vendor: cisco // model: small business ip phone // scope: eq // version: 7.6.2

Trust: 0.6

vendor: cisco // model: small business spa51x series ip phones 7.6.2sr1 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: small business spa500 series ip phones // scope: eq // version: 7.5.5

Trust: 0.3

vendor: cisco // model: small business spa500 series ip phones 7.6 sr2 // scope: ne // version: -

Trust: 0.3

sources: CNVD: CNVD-2017-32354 // BID: 101488 // JVNDB: JVNDB-2017-009472 // CNNVD: CNNVD-201710-888 // NVD: CVE-2017-12259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12259
value: HIGH

Trust: 1.0

NVD: CVE-2017-12259
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32354
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-888
value: HIGH

Trust: 0.6

VULHUB: VHN-102763
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12259
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32354
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102763
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12259
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32354 // VULHUB: VHN-102763 // JVNDB: JVNDB-2017-009472 // CNNVD: CNNVD-201710-888 // NVD: CVE-2017-12259

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-102763 // JVNDB: JVNDB-2017-009472 // NVD: CVE-2017-12259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-888

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-888

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009472

PATCH

title: cisco-sa-20171018-sip // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip

Trust: 0.8

title: Patch for Cisco Small Business SPA51x Series IP Phones Denial of Service Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/104752

Trust: 0.6

title: Cisco Small Business SPA51x Series IP Phones Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75870

Trust: 0.6

sources: CNVD: CNVD-2017-32354 // JVNDB: JVNDB-2017-009472 // CNNVD: CNNVD-201710-888

EXTERNAL IDS

db: NVD // id: CVE-2017-12259

Trust: 3.4

db: BID // id: 101488

Trust: 2.0

db: SECTRACK // id: 1039615

Trust: 1.7

db: JVNDB // id: JVNDB-2017-009472

Trust: 0.8

db: CNNVD // id: CNNVD-201710-888

Trust: 0.7

db: CNVD // id: CNVD-2017-32354

Trust: 0.6

db: VULHUB // id: VHN-102763

Trust: 0.1

sources: CNVD: CNVD-2017-32354 // VULHUB: VHN-102763 // BID: 101488 // JVNDB: JVNDB-2017-009472 // CNNVD: CNNVD-201710-888 // NVD: CVE-2017-12259

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-sip

Trust: 2.6

url:http://www.securityfocus.com/bid/101488

Trust: 1.7

url:http://www.securitytracker.com/id/1039615

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12259

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12259

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32354 // VULHUB: VHN-102763 // BID: 101488 // JVNDB: JVNDB-2017-009472 // CNNVD: CNNVD-201710-888 // NVD: CVE-2017-12259

CREDITS

Cisco

Trust: 0.3

sources: BID: 101488

SOURCES

db: CNVD // id: CNVD-2017-32354
db: VULHUB // id: VHN-102763
db: BID // id: 101488
db: JVNDB // id: JVNDB-2017-009472
db: CNNVD // id: CNNVD-201710-888
db: NVD // id: CVE-2017-12259

LAST UPDATE DATE

2025-04-20T23:27:15.984000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-32354 // date: 2017-11-02T00:00:00
db: VULHUB // id: VHN-102763 // date: 2019-10-09T00:00:00
db: BID // id: 101488 // date: 2017-10-18T00:00:00
db: JVNDB // id: JVNDB-2017-009472 // date: 2017-11-13T00:00:00
db: CNNVD // id: CNNVD-201710-888 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12259 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2017-32354 // date: 2017-10-27T00:00:00
db: VULHUB // id: VHN-102763 // date: 2017-10-19T00:00:00
db: BID // id: 101488 // date: 2017-10-18T00:00:00
db: JVNDB // id: JVNDB-2017-009472 // date: 2017-11-13T00:00:00
db: CNNVD // id: CNNVD-201710-888 // date: 2017-10-23T00:00:00
db: NVD // id: CVE-2017-12259 // date: 2017-10-19T08:29:00.263