CVE-2018-0332

Name of the Vulnerable Software and Affected Versions Cisco Unified IP Phone software (affected versions not specified)

Description A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The issue is due to a lack of flow-control mechanisms in the software. An attacker could exploit this by sending high volumes of SIP INVITE traffic to the targeted device, potentially disrupting services on the targeted IP phone.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.