Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-125


Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability
Severity Rating: Medium
Systems Affected:
  • This vulnerability affects Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones in all software versions.
Description
A vulnerability has been identified in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones and can be exploited by remote attackers to cause a denial of service condition. The vulnerability is caused due to ability to handle many large IP fragments for reassembly in a short duration. This vulnerability can allow an attacker to send a crafted stream of IP fragments to the targeted device. Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service condition when the device unexpectedly reloads.
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Cisco
CVE Information
References
Cisco Security Bulletin
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis