Vulnerability Name: CVE-2007-4459 (CCN-36125)
Assigned: 2007-08-20
Published: 2007-08-20
Updated: 2017-07-29
Summary: Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
  5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
  3.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
  Source: CCN Type: Full-Disclosure Mailing List, Mon Aug 20 2007 - 09:04:05 CDT 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
  Source: CCN Type: Full-Disclosure Mailing List, Mon Aug 20 2007 - 08:57:44 CDT 3 messsages attack remote DOS on Cisco 7940
  Source: MITRE Type: CNA CVE-2007-4459
  Source: FULLDISC Type: UNKNOWN 20070820 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
  Source: FULLDISC Type: UNKNOWN 20070820 3 messsages attack remote DOS on Cisco 7940
  Source: CCN Type: SA26547 Cisco IP Phone 7940/7960 SIP Message Sequence Denial of Service
  Source: SECUNIA Type: Patch, Vendor Advisory 26547
  Source: SREASON Type: UNKNOWN 3042
  Source: CCN Type: SECTRACK ID: 1018591 Cisco 7940/7960 IP Phones Can Be Crashed By Remote Users
  Source: SECTRACK Type: UNKNOWN 1018591
  Source: CCN Type: Cisco Support Web site Download Software
  Source: CCN Type: cisco-sr-20070821-sip Cisco Security Response: Multiple SIP Vulnerabilities in the Cisco 7960 IP Phones
  Source: CISCO Type: UNKNOWN 20070821 Multiple SIP Vulnerabilities in the Cisco 7960 IP Phones
  Source: OSVDB Type: UNKNOWN 36695
  Source: CCN Type: OSVDB ID: 36695 Cisco IP Phone 79xx Crafted SIP Message Sequence Remote DoS
  Source: CCN Type: OSVDB ID: 40189 Cisco IP Phone 7940 SIP INVITE Request-URI Null User Name Remote DoS
  Source: BID Type: Exploit 25378
  Source: CCN Type: BID-25378 Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities
  Source: VUPEN Type: Vendor Advisory ADV-2007-2928
  Source: XF Type: UNKNOWN cisco-ipphone-sip-dos(36125)
Vulnerable Configuration: Configuration 1: