CVE-2018-0316

Name of the Vulnerable Software and Affected Versions: Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware versions prior to 11.1(2)

Description: A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. This occurs because the firmware incorrectly handles errors when an incoming phone call is not answered. An attacker could exploit this by sending maliciously crafted SIP packets to an affected phone, causing it to reload and resulting in a temporary DoS condition.

Recommendations: For Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware versions prior to 11.1(2), update to Release 11.1(2) or later to resolve the issue. As a temporary workaround, consider restricting access to the SIP call-handling functionality until a patch is applied.