Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4291

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2007-4291
Last Modified 07 Mar 2011 09:58:19
Published 09 Aug 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4291

Summary

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.

Vulnerable Systems

Operating System

  • Cisco Ios 12.0

  • Cisco Ios 12.1

  • Cisco Ios 12.2

  • Cisco Ios 12.3

  • Cisco Ios 12.4


References

VUPEN - ADV-2007-2816

BID - 25239

CISCO - 20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

SECTRACK - 1018533

SECUNIA - 26363

OSVDB - 36681

OSVDB - 36680

OSVDB - 36679

OSVDB - 36678

OSVDB - 36677

XF - cisco-ios-rtp-dos(35905)

XF - cisco-ios-h323-dos(35904)

XF - cisco-ios-mgcp-dos(35903)


Last Updated: 27 May 2016 10:45:49