THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
12-Mar-19 |
Initial Release |
1.1 |
20-Mar-20 |
Updated the Background Section |
Affected Product ID | Comments |
---|---|
SPA514G |
Replacement PID - SPA525G2 |
SPA514G |
Replacement PID - CP-6851-3PCC-K9= |
SPA514G-RC |
Replacement PID - SPA525G2-RC |
SPA514G-XU |
Defect ID | Headline |
---|---|
CSCvc63989 | Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability |
The Session Initiation Protocol (SIP) implementation in the Cisco Small Business SPA514G IP Phones contains an issue that could cause the device to require a manual restart if exploited by a remote attacker. SPA514G, SPA514G-RC, and SPA514G-XU IP Phones are potentially affected.
An attacker could take advantage of this issue and send malformed SIP messages to an affected device. Malformed SIP messages could cause the device to become unresponsive until restarted manually.
For additional information, see Software Advisory for CSCvc63989.
SPA514G devices become unresponsive.
If affected, devices on the network will need to be manually restarted.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.