CVE-2017-6630

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.

Published: May 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-6630
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ip_phone_8800_series_firmware	11.0(0.1)	11.0(0.1).x

http://www.securityfocus.com/bid/98533
http://www.securitytracker.com/id/1038511
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip

Vulnerability Database

289,697

CVE-2017-6630