{ "id": "CVE-2018-0332", "sourceIdentifier": "ykramarz@cisco.com", "published": "2018-06-07T21:29:00.400", "lastModified": "2019-10-09T23:31:47.740", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945." }, { "lang": "es", "value": "Una vulnerabilidad en el procesamiento de paquetes entrantes SIP (Session Initiation Protocol) del software Cisco Unified IP Phone podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la falta de mecanismos de control de flujo en el software. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de grandes vol\u00famenes de tr\u00e1fico SIP INVITE al dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un atacante provoque una interrupci\u00f3n de los servicios en el tel\u00e9fono IP objetivo. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\\(9.99002.1\\):*:*:*:*:*:*:*", "matchCriteriaId": "3D3D7A0C-A65C-4AA3-99A8-91142783802C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\\(9.99002.1\\):*:*:*:*:*:*:*", "matchCriteriaId": "3D3D7A0C-A65C-4AA3-99A8-91142783802C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*", "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7912g:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA43909C-9ED4-40B3-A179-48568BA5E4B3" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*", "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*", "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*", "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DCC90CA-7D61-4B77-BA39-D343E2A65A59" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DCC90CA-7D61-4B77-BA39-D343E2A65A59" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "BDD6E0D0-6B8D-4C72-80F9-BF43EAD22CA9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/104445", "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1041074", "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }