Vulnerability Name: | CVE-2007-5583 (CCN-38853) | ||||||||
Assigned: | 2007-12-05 | ||||||||
Published: | 2007-12-05 | ||||||||
Updated: | 2017-09-29 | ||||||||
Summary: | Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:U/RC:C)
4.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:C)
| ||||||||
Vulnerability Type: | CWE-119 | ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-5583 Source: MITRE Type: CNA CVE-2007-6370 Source: FULLDISC Type: Exploit 20071205 Cisco Phone 7940 remote DOS Source: FULLDISC Type: UNKNOWN 20071208 Cisco Phone 7940 remote DOS Source: CCN Type: Full-Disclosure Mailing List, Sat, 8 Dec 2007 02:29:50 -0500 Re: Cisco Phone 7940 remote DOS Source: FULLDISC Type: UNKNOWN 20071208 Re: Cisco Phone 7940 remote DOS Source: CCN Type: SA27898 Cisco IP Phone 7940 SIP INVITE Denial of Service Vulnerability Source: CCN Type: SECTRACK ID: 1019059 Cisco 7940 IP Phone Can Be Crashed By Remote Users Sending a Sequence of SIP INVITE Requests Source: CCN Type: Cisco.com Login Page CISCO Log In Source: BID Type: Exploit 26711 Source: CCN Type: BID-26711 Cisco 7940 SIP Phone INVITE Message Remote Denial of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1019059 Source: XF Type: UNKNOWN cisco-ipphone-invite-dos(38853) Source: XF Type: UNKNOWN cisco-ipphone-invite-dos(38853) Source: EXPLOIT-DB Type: UNKNOWN 4692 | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |