CVE-2018-0325

{"id": "CVE-2018-0325", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-17T03:29:00.810", "references": [{"url": "http://www.securityfocus.com/bid/104202", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040927", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de gesti\u00f3n de llamadas SIP (Session Initiation Protocol) de los tel\u00e9fonos Session Initiation Protocol de las series 7800 y 8800 podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en un tel\u00e9fono afectado. La vulnerabilidad se debe a la validaci\u00f3n de entradas incorrecta de los par\u00e1metros SIP Session Description Protocol (SDP) mediante el analizador SDP de un tel\u00e9fono afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una un paquete SIP mal formado al tel\u00e9fono afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque que todas las llamadas de tel\u00e9fono activas en el tel\u00e9fono afectado se cuelguen mientras el proceso SIP se reinicia inesperadamente, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Cisco Bug IDs: CSCvf40066."}], "lastModified": "2019-10-09T23:31:46.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8800_firmware:9.4\\(2\\)sr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F47D1FC-4F02-4118-B9A8-CEAC06A9FAEF"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8800_firmware:10.3\\(1\\)sr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63E0334-2895-410E-BCE9-95A73825AF8F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1BBEA07-3154-4270-B865-D4AD26EB3B42"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00D16986-6C5D-4DF1-8B4C-107D7E715C62", "versionEndExcluding": "12.1\\(1.12\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF03D5F2-0483-409B-90F0-A1430774A258"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B88BCB29-F97D-4CEE-B350-CC74F5046E66", "versionEndExcluding": "12.1\\(1\\)mn130"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF03D5F2-0483-409B-90F0-A1430774A258"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}