Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4459

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2007-4459
Last Modified 13 Jul 2011 12:00:00
Published 21 Aug 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4459

Summary

Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.

Vulnerable Systems


References

SECUNIA - 26547

XF - cisco-ipphone-sip-dos(36125)

VUPEN - ADV-2007-2928

BID - 25378

OSVDB - 36695

CISCO - 20070821 Multiple SIP Vulnerabilities in the Cisco 7960 IP Phones

SECTRACK - 1018591

SREASON - 3042

FULLDISC - 20070820 3 messsages attack remote DOS on Cisco 7940

FULLDISC - 20070820 10 messages SIP Remote DOS on Cisco 7940 SIP Phone


Last Updated: 27 May 2016 10:45:52