CVE-2018-0389 — Vulnetix

CVE-2018-0389 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier.

EPSS 0.90% · 76.1th percentile

Risk Scores

CVSS 3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.90%

76.1th percentile

Affected Products

Vendor	Product	Versions
cisco	spa514g_firmware	0
Cisco	Cisco Small Business SPA500 Series IP Phones	unspecified

Exploit Intelligence

20190313 Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability (circl)
107402 (circl)

Timeline

Mar 13, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

20190313 Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability vendor-advisory
107402 vdb
https://nvd.nist.gov/vuln/detail/CVE-2018-0389 advisory

Open in Interactive Console →