Vulnerability Details : CVE-2017-12219
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
Vulnerability category: Denial of service
Products affected by CVE-2017-12219
- cpe:2.3:o:cisco:spa_301_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_303_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_500ds_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_500s_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_501g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_502g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_504g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_508g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_509g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_512g_firmware:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:spa_514g_firmware:7.6.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12219
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-12219
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2017-12219
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa
Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1039413
Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Lets Remote Users Cause the Target System to Reload - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/100926
Multiple Cisco Products CVE-2017-12219 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to