VDB
CVE-2017-12219
CVE-2017-12219
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
EPSS 1.38% · 80.6th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
1.38%
80.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | spa_514g_firmware | 7.6.2 |
| cisco | spa_512g_firmware | 7.6.2 |
| cisco | spa_501g_firmware | 7.6.2 |
| cisco | spa_303_firmware | 7.6.2 |
| n/a | Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones | Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones |
| cisco | spa_301_firmware | 7.6.2 |
| cisco | spa_500s_firmware | 7.6.2 |
| cisco | spa_504g_firmware | 7.6.2 |
| cisco | spa_500ds_firmware | 7.6.2 |
| cisco | spa_502g_firmware | 7.6.2 |
| cisco | spa_508g_firmware | 7.6.2 |
| cisco | spa_509g_firmware | 7.6.2 |
Exploit Intelligence
Timeline
- Sep 20, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score