admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding Cisco CVE-2018-0389

Browse Source
This commit is contained in:
santosomar 2019-03-13 15:21:36 +00:00
parent 87a83e4a37
commit ad7aadb2e2
No known key found for this signature in database
GPG Key ID: 8E19A9D13AF27EDC
1 changed files with 85 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
2018/0xxx/CVE-2018-0389.json
View File

@ -1,18 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0389", "DATE_PUBLIC": "2019-03-13T16:00:00-0700",
"STATE" : "RESERVED" "ID": "CVE-2018-0389",
}, "STATE": "PUBLIC",
"data_format" : "MITRE", "TITLE": "Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability"
"data_type" : "CVE", },
"data_version" : "4.0", "affects": {
"description" : { "vendor": {
"description_data" : [ "vendor_data": [
{ {
"lang" : "eng", "product": {
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
} {
] "product_name": "Cisco Small Business SPA500 Series IP Phones ",
} "version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.6.2SR2"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190313 Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip"
}
]
},
"source": {
"advisory": "cisco-sa-20190313-sip",
"defect": [
[
"CSCvc63989"
]
],
"discovery": "INTERNAL"
}
} }