7.8

CVE-2017-12219

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSpa 301 Firmware Version7.6.2
   CiscoSpa 301 Version-
CiscoSpa 303 Firmware Version7.6.2
   CiscoSpa 303 Version-
CiscoSpa 500ds Firmware Version7.6.2
   CiscoSpa 500ds Version-
CiscoSpa 500s Firmware Version7.6.2
   CiscoSpa 500s Version-
CiscoSpa 501g Firmware Version7.6.2
   CiscoSpa 501g Version-
CiscoSpa 502g Firmware Version7.6.2
   CiscoSpa 502g Version-
CiscoSpa 504g Firmware Version7.6.2
   CiscoSpa 504g Version-
CiscoSpa 508g Firmware Version7.6.2
   CiscoSpa 508g Version-
CiscoSpa 509g Firmware Version7.6.2
   CiscoSpa 509g Version-
CiscoSpa 512g Firmware Version7.6.2
   CiscoSpa 512g Version-
CiscoSpa 514g Firmware Version7.6.2
   CiscoSpa 514g Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
http://www.securityfocus.com/bid/100926
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039413
Third Party Advisory
VDB Entry