CVE-2017-12259

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA51x Series IP Phones versions 7.6.2SR1 and earlier

Description A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The issue is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this by sending malformed SIP messages to an affected device, causing it to become unresponsive until manually restarted.

Recommendations For Cisco Small Business SPA51x Series IP Phones versions 7.6.2SR1 and earlier, update to a version later than 7.6.2SR1 to resolve the issue. As a temporary workaround, consider restricting access to the SIP functionality to minimize the risk of exploitation.