Home

CVE-2018-0332

Description

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.409

Associated Vulnerability

VulnerabilityOS Platform
Cisco Unified IP Phone Software Denial of Service Vulnerability For Cisco IP Phone 7800 SeriesNCM
Cisco Unified IP Phone Software Denial of Service Vulnerability For Cisco Unified IP Phones 9900 SeriesNCM
Cisco Unified IP Phone Software Denial of Service Vulnerability For Cisco IP Phone FW 7900 Series SoftwareNCM
Cisco Unified IP Phone Software Denial of Service Vulnerability For Cisco IP Phone 8800 SeriesNCM
Cisco Unified IP Phone Software Denial of Service Vulnerability For Cisco SIP IP Phone SoftwareNCM
CVE-2018-0332NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705975Security Update for Cisco IP Phone 7800 Series 11.7(1)
PATCH-1705686Security Update for Cisco Unified IP Phones 9900 Series 9.4(3)MN75
PATCH-1705386Security Update for Cisco IP Phone FW 7900 Series Software 9.4(2)TH1.1
PATCH-1705974Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2
PATCH-1705918Security Update for Cisco SIP IP Phone Software 11.7(1)MN19

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234