Cisco – Bug in Cisco 8851 IP Phone allow Remote Users Cause in DoS

Advisory IDRSN-SIP-1560

Vulnerability Information


Vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Release Date

2017-05-21 00:00:00


SIP (Session Initiation Protocol) is a protocol used for the initiation, modification and termination of voice and video calls through IP networks. This protocol is implemented in multiple Cisco systems products such as routers, switches and Firewalls.

Technical Information


The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone.For more information on the affected versions, CVE-2017-6630 was assigned for this bug.



The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources


Cisco Security Advisory

Common Vulnerabilities and Exposures (CVE)