Field Notice: FN - 70378 - Small Business SPA514G IP Phones SIP Denial of Service Vulnerability - Hardware Upgrade Available

Available Languages

Updated:March 20, 2020

Document ID:FN70378

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	12-Mar-19	Initial Release
1.1	20-Mar-20	Updated the Background Section

Products Affected

Affected Product ID	Comments
SPA514G	Replacement PID - SPA525G2
SPA514G	Replacement PID - CP-6851-3PCC-K9=
SPA514G-RC	Replacement PID - SPA525G2-RC
SPA514G-XU

Defect Information

Defect ID	Headline
CSCvc63989	Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability

Problem Description

The Session Initiation Protocol (SIP) implementation in the Cisco Small Business SPA514G IP Phones contains an issue that could cause the device to require a manual restart if exploited by a remote attacker. SPA514G, SPA514G-RC, and SPA514G-XU IP Phones are potentially affected.

Background

An attacker could take advantage of this issue and send malformed SIP messages to an affected device. Malformed SIP messages could cause the device to become unresponsive until restarted manually.

For additional information, see Software Advisory for CSCvc63989.

Problem Symptom

SPA514G devices become unresponsive.

Workaround/Solution

If affected, devices on the network will need to be manually restarted.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)