var-201709-0682
Vulnerability from variot
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. Vendors have confirmed this vulnerability Bug ID CSCve82586 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The CiscoSmallBusinessSPA300, SPA500, and SPA51x are Cisco S-Series IP telephony products. Multiple Cisco Products are prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa 301",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 500ds",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 500s",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 501g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 502g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 504g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 508g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 509g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 512g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 514g",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa 303",
"scope": "eq",
"trust": 1.8,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business spa51x ip phones",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "7.6.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "BID",
"id": "100926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:spa_301_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_303_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_500ds_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_500s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_501g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_502g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_504g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_508g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_509g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_512g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:spa_514g_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Bol\u00f3s from Pixelxen.",
"sources": [
{
"db": "BID",
"id": "100926"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12219",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-34245",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102719",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12219",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-34245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1038",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102719",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "VULHUB",
"id": "VHN-102719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. Vendors have confirmed this vulnerability Bug ID CSCve82586 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The CiscoSmallBusinessSPA300, SPA500, and SPA51x are Cisco S-Series IP telephony products. Multiple Cisco Products are prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12219"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "BID",
"id": "100926"
},
{
"db": "VULHUB",
"id": "VHN-102719"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12219",
"trust": 3.4
},
{
"db": "BID",
"id": "100926",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1039413",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-34245",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-102719",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "VULHUB",
"id": "VHN-102719"
},
{
"db": "BID",
"id": "100926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"id": "VAR-201709-0682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "VULHUB",
"id": "VHN-102719"
}
],
"trust": 1.2650793766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
}
]
},
"last_update_date": "2024-11-23T23:05:19.125000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170920-spa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa"
},
{
"title": "Patch for CiscoSmallBusinessSPA300, SPA500, and SPA51x Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/104549"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/100926"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-spa"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039413"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12219"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12219"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "VULHUB",
"id": "VHN-102719"
},
{
"db": "BID",
"id": "100926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"db": "VULHUB",
"id": "VHN-102719"
},
{
"db": "BID",
"id": "100926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-102719"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100926"
},
{
"date": "2017-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"date": "2017-09-21T05:29:00.327000",
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34245"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102719"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100926"
},
{
"date": "2017-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008296"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1038"
},
{
"date": "2024-11-21T03:09:03.620000",
"db": "NVD",
"id": "CVE-2017-12219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business Resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008296"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1038"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…