A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
http://ift.tt/2bRaxIK A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
http://ift.tt/2bRaxIK
Security Impact Rating: High
CVE: CVE-2016-1469
from Cisco Security Advisory http://ift.tt/2bRaxIK
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.