Cisco – Vulnerability in Cisco IP Phone 8800 Series allow DoS

Advisory IDRSN-SIP-1790


Vulnerability Information



Vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts.

Technical Information



Remote user can cause the target service to crash. A remote user can send a specially crafted Session Initiation Protocol (SIP) packet header to trigger an input validation flaw and cause the target SIP process to restart, dropping all phone calls. For more information on the affected versions, CVE-2017-12328 was assigned for this bug.




The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources



Cisco Security Advisory

Common Vulnerabilities and Exposures (CVE)