CVE-2017-12260

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones versions 7.6.2SR1 and earlier

Description A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The issue is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this by using formatted specifiers in a SIP payload sent to an affected device, causing it to become unresponsive until manually restarted.

Recommendations For Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones versions 7.6.2SR1 and earlier, update to a firmware release later than 7.6.2SR1 to resolve the issue. As a temporary workaround, consider restricting access to the SIP functionality to minimize the risk of exploitation.