Content

DoS vulnerability found in Cisco SPA514G IP phones

Cisco issued two security advisories one of which discusses a vulnerability in Cisco Small Business SPA514G IP phones that could potentially lead to a denial of service (DoS) issue.

The phone problem, CVE-2018-0389, is rated high and affects the Cisco Small Business SPA514G IP phones that are running firmware release 7.6.2SR2 or earlier. It is due to a vulnerability in the implementation of Session Initiation Protocol processing that could be used by an attacker to render the phone unresponsive resulting in a DoS situation that will remain in effect until the phone is manually restarted.

Cisco has not issued a patch yet and there are no known workarounds.

The second advisory discloses the critical-rated vulnerability CVE-2019-1723 in the Cisco Common Services Platform Collector releases 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2. The issue centers on devices that retain a default or static password which could be used by an attacker to gain access, Cisco reported. A patch has been issued correcting this issue.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.