HomePentest-Tools.com Logo

Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability (cisco-sa-20160831-spa) CVE-2016-1469

Severity
CVSSv3 Score
7.5
Vulnerability description

A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Risk description

The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 12, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available