CVE-2017-12328

Description

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.

Risk Information

Base Score

5.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS Score

Exploitation Probability

0.552

Associated Vulnerability

Vulnerability	OS Platform
Cisco IP Phone 8800 Series Denial of Service Vulnerability For Cisco IP Phone 8800 Series with Multiplatform Firmware	NCM
Improper Input Validation Vulnerability (CVE-2017-12328)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705298	Security Update for Cisco IP Phone 8800 Series with Multiplatform Firmware 11.3(3)MPP1.377

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234