Details of VAR-200308-0210

ID

VAR-200308-0210

TITLE

Cisco 7900 Series VoIP Phone ARP Spoofing Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-2489

DESCRIPTION

The Cisco 7900 Series is a family of IP telephony support devices. The Cisco 7900 Series handles fake ARP messages incorrectly. A remote attacker can exploit this vulnerability to perform a denial of service attack on a device, or to intercept packets such as \"intermediaries\". No detailed vulnerability details are currently available. Other attacks including man in the middle style attacks, for example packet injection and data interception have also been reported possible

Trust: 0.81

sources: CNVD: CNVD-2003-2489 // BID: 8398

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-2489

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	voip phone 7912g	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	voip phone 7905g	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	voip phone 7902g	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	ne	version:	3.3(3)	Trust: 0.3

sources: CNVD: CNVD-2003-2489 // BID: 8398

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-2489
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-2489
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-2489

THREAT TYPE

network

Trust: 0.3

sources: BID: 8398

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 8398

EXTERNAL IDS

db:	BID	id:	8398	Trust: 0.9
db:	CNVD	id:	CNVD-2003-2489	Trust: 0.6

sources: CNVD: CNVD-2003-2489 // BID: 8398

REFERENCES

url:	http://www.securityfocus.com/bid/8398	Trust: 0.6
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/index.html	Trust: 0.3
url:	http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/english/ipp7905g/relnotes/relnt3_3.htm#96716	Trust: 0.3

sources: CNVD: CNVD-2003-2489 // BID: 8398

CREDITS

Discovery of this vulnerability has been credited to "Wil Allsopp" <advisories@securetest.com>.

Trust: 0.3

sources: BID: 8398

SOURCES

db:	CNVD	id:	CNVD-2003-2489
db:	BID	id:	8398

LAST UPDATE DATE

2022-05-17T01:44:50.668000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-2489	date:	2014-01-20T00:00:00
db:	BID	id:	8398	date:	2003-08-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-2489	date:	2003-08-12T00:00:00
db:	BID	id:	8398	date:	2003-08-12T00:00:00