CVE-2018-0325

Name of the Vulnerable Software and Affected Versions Cisco IP Phone 7800 Series phones (affected versions not specified) Cisco IP Phone 8800 Series phones (affected versions not specified)

Description A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The issue is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser. An attacker could exploit this by sending a malformed SIP packet, causing all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts.

Recommendations For Cisco IP Phone 7800 Series phones, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco IP Phone 8800 Series phones, at the moment, there is no information about a newer version that contains a fix for this vulnerability.