CVE-2017-12260
First published: Thu Oct 19 2017(Updated: )
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa 501g Firmware | <=7.6.2 | |
| Cisco Spa 501g | ||
| Cisco Spa 502g Firmware | <=7.6.2 | |
| Cisco Spa 502g | ||
| Cisco Spa 504g Firmware | <=7.6.2 | |
| Cisco Spa 504g | ||
| Cisco Spa 508g Firmware | <=7.6.2 | |
| Cisco Spa 508g | ||
| Cisco Spa 509g Firmware | <=7.6.2 | |
| Cisco Spa 509g | ||
| Cisco Spa 512g Firmware | <=7.6.2 | |
| Cisco Spa 512g | ||
| Cisco Spa 514g Firmware | <=7.6.2 | |
| Cisco Spa 514g | ||
| Cisco Spa 525g Firmware | <=7.6.2 | |
| Cisco Spa 525g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12260?
The severity of CVE-2017-12260 is classified as high with a score of 7.5.
What devices are affected by CVE-2017-12260?
CVE-2017-12260 affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones with specific firmware versions.
How do I fix CVE-2017-12260?
To fix CVE-2017-12260, upgrade the affected Cisco IP Phones to the latest firmware version beyond 7.6.2.
What impact does CVE-2017-12260 have on devices?
CVE-2017-12260 can cause affected devices to become unresponsive, resulting in a denial of service.
Is CVE-2017-12260 remotely exploitable?
Yes, CVE-2017-12260 can be exploited by an unauthenticated remote attacker.
- collector/nvd-index
- vendor/cisco
- product/spa 501g firmware
- canonical/cisco spa 501g firmware
- product/spa 501g
- canonical/cisco spa 501g
- product/spa 502g firmware
- canonical/cisco spa 502g firmware
- product/spa 502g
- canonical/cisco spa 502g
- product/spa 504g firmware
- canonical/cisco spa 504g firmware
- product/spa 504g
- canonical/cisco spa 504g
- product/spa 508g firmware
- canonical/cisco spa 508g firmware
- product/spa 508g
- canonical/cisco spa 508g
- product/spa 509g firmware
- canonical/cisco spa 509g firmware
- product/spa 509g
- canonical/cisco spa 509g
- product/spa 512g firmware
- canonical/cisco spa 512g firmware
- product/spa 512g
- canonical/cisco spa 512g
- product/spa 514g firmware
- canonical/cisco spa 514g firmware
- product/spa 514g
- canonical/cisco spa 514g
- product/spa 525g firmware
- canonical/cisco spa 525g firmware
- product/spa 525g
- canonical/cisco spa 525g