Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability
Severity Rating: Medium
- This vulnerability affects Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones in all software versions.
A vulnerability has been identified in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones and can be exploited by remote attackers to cause a denial of service condition. The vulnerability is caused due to ability to handle many large IP fragments for reassembly in a short duration. This vulnerability can allow an attacker to send a crafted stream of IP fragments to the targeted device. Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service condition when the device unexpectedly reloads.
Users are advised to apply updates.
More information is available on:
Cisco Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street