cnvd - cnvd-2018-11347

cnvd-2018-11347

Vulnerability from cnvd

Title: Cisco IP Phone 6800、7800和8800 Series Phones拒绝服务漏洞

Description:

Cisco IP Phone 6800、7800和8800 Series Phones都是美国思科（Cisco）公司的不同系列的IP电话产品。Multiplatform Firmware是其中的一套支持多平台的防火墙软件。

使用Multiplatform Firmware 11.1(2)之前版本的Cisco IP Phone 6800、7800和8800 Series Phones中的Session Initiation Protocol (SIP)通话处理功能存在资源管理错误漏洞，该漏洞源于固件未能正确的处理当打进的电话没有接听时出现的错误。远程攻击者可通过发送恶意制作的SIP数据包利用该漏洞造成手机重新加载，导致拒绝服务。

Severity: 高

Patch Name: Cisco IP Phone 6800、7800和8800 Series Phones拒绝服务漏洞的补丁

Patch Description:

Cisco IP Phone 6800、7800和8800 Series Phones都是美国思科（Cisco）公司的不同系列的IP电话产品。Multiplatform Firmware是其中的一套支持多平台的防火墙软件。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip

Impacted products

Name
['Cisco IP Phone 8800', 'Cisco IP Phone 6800', 'Cisco IP Phone 7800']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0316"
    }
  },
  "description": "Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684IP\u7535\u8bdd\u4ea7\u54c1\u3002Multiplatform Firmware\u662f\u5176\u4e2d\u7684\u4e00\u5957\u652f\u6301\u591a\u5e73\u53f0\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002\r\n\r\n\u4f7f\u7528Multiplatform Firmware 11.1(2)\u4e4b\u524d\u7248\u672c\u7684Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u4e2d\u7684Session Initiation Protocol (SIP)\u901a\u8bdd\u5904\u7406\u529f\u80fd\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fa\u4ef6\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5f53\u6253\u8fdb\u7684\u7535\u8bdd\u6ca1\u6709\u63a5\u542c\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u5236\u4f5c\u7684SIP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u624b\u673a\u91cd\u65b0\u52a0\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11347",
  "openTime": "2018-06-12",
  "patchDescription": "Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684IP\u7535\u8bdd\u4ea7\u54c1\u3002Multiplatform Firmware\u662f\u5176\u4e2d\u7684\u4e00\u5957\u652f\u6301\u591a\u5e73\u53f0\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002\r\n\r\n\u4f7f\u7528Multiplatform Firmware 11.1(2)\u4e4b\u524d\u7248\u672c\u7684Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u4e2d\u7684Session Initiation Protocol (SIP)\u901a\u8bdd\u5904\u7406\u529f\u80fd\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fa\u4ef6\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5f53\u6253\u8fdb\u7684\u7535\u8bdd\u6ca1\u6709\u63a5\u542c\u65f6\u51fa\u73b0\u7684\u9519\u8bef\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u5236\u4f5c\u7684SIP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u624b\u673a\u91cd\u65b0\u52a0\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IP Phone 8800",
      "Cisco IP Phone 6800",
      "Cisco IP Phone 7800"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-12",
  "title": "Cisco IP Phone 6800\u30017800\u548c8800 Series Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0316 (GCVE-0-2018-0316)

Vulnerability from cvelistv5

Published

2018-06-07 12:00

Modified

2024-11-29 15:06

Severity ?

CWE

CWE-399

Summary

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041073	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco IP Phone 6800, 7800, and 8800 Series unknown	Version: Cisco IP Phone 6800, 7800, and 8800 Series unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041073",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:52.166934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:06:41.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 6800, 7800, and 8800 Series unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IP Phone 6800, 7800, and 8800 Series unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-13T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1041073",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 6800, 7800, and 8800 Series unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IP Phone 6800, 7800, and 8800 Series unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041073",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041073"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0316",
    "datePublished": "2018-06-07T12:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:06:41.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted