CVE-2017-6630

Name of the Vulnerable Software and Affected Versions Cisco IP Phone 8851 version 11.0(0.1)

Description A vulnerability in the Session Initiation Protocol (SIP) implementation could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The issue is due to an abnormal SIP message. An attacker could exploit this by manipulating the CANCEL packet, potentially disrupting service to the phone.

Recommendations For Cisco IP Phone 8851 version 11.0(0.1), consider restricting access to the SIP implementation until a patch is available. As a temporary workaround, avoid using the CANCEL packet in SIP messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.