{"containers": {"cna": {"affected": [{"product": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones"}]}], "datePublic": "2017-10-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-10-20T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "101495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101495"}, {"name": "1039616", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039616"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12260", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones", "version": {"version_data": [{"version_value": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "101495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101495"}, {"name": "1039616", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039616"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.705Z"}, "title": "CVE Program Container", "references": [{"name": "101495", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101495"}, {"name": "1039616", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039616"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12260", "datePublished": "2017-10-19T08:00:00.000Z", "dateReserved": "2017-08-03T00:00:00.000Z", "dateUpdated": "2024-08-05T18:28:16.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_501g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "3BDD5305-DBCE-44E2-8246-C45C9AF04A88", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_502g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "B4B42E9A-3803-4359-8736-8629169F35F5", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_504g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "2287FB05-3FDD-4B80-8537-67F80B851119", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_508g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "B6EE4CB0-E332-4261-B92A-F8DB1E571AA9", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_509g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "241D9468-FB18-4E5F-B55C-04C4D2554E16", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_512g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "B955A49C-EB75-428C-A7CC-AC58604B635B", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_514g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "95DF4D27-49DC-4F57-9E3D-E28E5D23AFA0", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*", "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_525g_firmware:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "B726AAE8-6556-48D9-ACB7-83538F9FE653", "versionEndIncluding": "7.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_525g:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADAD4489-26BB-4FF4-8D7A-0805CFDD0F31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Session Initiation Protocol (SIP) en Cisco Small Business SPA50x, SPA51x y SPA52x Series IP Phones podr\u00eda permitir que un atacante remoto sin autenticar haga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo incorrecto de los mensajes de petici\u00f3n SIP por parte de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando especificadores formateados en un payload SIP que se env\u00edan a un dispositivo afectado. Un exploit con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado no responda, lo que da como resultado una condici\u00f3n de DoS que persista hasta que el dispositivo se reinicie manualmente. Esta vulnerabilidad afecta a Cisco Small Business SPA50x, SPA51x, y SPA52x Series IP Phones que ejecutan la distribuci\u00f3n de firmware 7.6.2SR1 o anterior. Cisco Bug IDs: CSCvc63986."}], "id": "CVE-2017-12260", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-19T08:29:00.310", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101495"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039616"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}