Details of VAR-200702-0384

ID

VAR-200702-0384

CVE

CVE-2007-0648

TITLE

Cisco IOS fails to properly handle Session Initiated Protocol packets

Trust: 0.8

sources: CERT/CC: VU#438176

DESCRIPTION

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Exploitation of this vulnerability may result in a denial-of-service condition. According to Cisco Systems' information, it is not necessary for the specific affected version. SIP port (5060/TCP,UDP) Is reported to be open by default.Crafted by a third party SIP By processing the packet, SIP Service works Cisco IOS Device is out of service (DoS) It may be in a state. This issue affects only devices that support voice communications but don't have SIP enabled. Attackers can exploit this issue to reload a vulnerable device. IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well. In addition, some IOS versions that support SIP services may process SIP messages even if no SIP operations are configured. If you want to process SIP messages, IOS needs to open UDP port 5060 and TCP port 5060 for listening. Devices not listening on TCP 5060 or UDP 5060 are not affected by the vulnerability. Since SIP uses UDP for transport, it is possible to spoof the IP address of the sender, which can invalidate ACLs that allow traffic from trusted IP addresses to those ports

Trust: 2.7

sources: NVD: CVE-2007-0648 // CERT/CC: VU#438176 // JVNDB: JVNDB-2007-000112 // BID: 22330 // VULHUB: VHN-24010

AFFECTED PRODUCTS

vendor:	cisco	model:	ios 12.4	scope:	-	version:	-	Trust: 2.1
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 2.1
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yg	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yk	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(14\)t5	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(14\)t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yt	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(14\)t4	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3\(14\)t2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3ym	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yq	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yu	Trust: 1.6
vendor:	cisco	model:	ios 12.4 t	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)xa	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(3\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(5\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(9\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xt	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4mr	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(3d\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)xb	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(3\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xj	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(6\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(4\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(5b\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.3yx	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(4\)mr	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(7\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(1b\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xb	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(8\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(7a\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xe	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(4\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4sw	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(1c\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)mr	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xp	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)xb2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)t4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(6\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(1\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(3b\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(3a\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xc	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xd	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xa	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4xg	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(2\)mr1	Trust: 1.0
vendor:	cisco	model:	ios 12.4 t2	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.8
vendor:	cisco	model:	ios 12.4 t1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.4 mr	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.4xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4sw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(8)	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(7)	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(5)	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(3)	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xb2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 t3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.4 mr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(1)	Trust: 0.3
vendor:	cisco	model:	ios 12.3yx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3ym	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.3xx	Trust: 0.3
vendor:	cisco	model:	ios 12.3xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3 t	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#438176 // BID: 22330 // JVNDB: JVNDB-2007-000112 // CNNVD: CNNVD-200701-564 // NVD: CVE-2007-0648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0648
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#438176
value:	33.08
Trust: 0.8
NVD:	CVE-2007-0648
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-564
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24010
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0648
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24010
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#438176 // VULHUB: VHN-24010 // JVNDB: JVNDB-2007-000112 // CNNVD: CNNVD-200701-564 // NVD: CVE-2007-0648

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-564

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200701-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000112

PATCH

title:	81816	url:	http://www.cisco.com/en/US/products/products_security_response09186a00807d36f5.html	Trust: 0.8
title:	cisco-sa-20070131-sip	url:	http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml	Trust: 0.8

sources: JVNDB: JVNDB-2007-000112

EXTERNAL IDS

db:	BID	id:	22330	Trust: 3.6
db:	CERT/CC	id:	VU#438176	Trust: 3.6
db:	SECUNIA	id:	23978	Trust: 3.3
db:	NVD	id:	CVE-2007-0648	Trust: 2.8
db:	SECTRACK	id:	1017575	Trust: 2.5
db:	VUPEN	id:	ADV-2007-0428	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-000112	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-564	Trust: 0.7
db:	CISCO	id:	20070131 SIP PACKET RELOADS IOS DEVICES NOT CONFIGURED FOR SIP	Trust: 0.6
db:	XF	id:	31990	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5138	Trust: 0.6
db:	VULHUB	id:	VHN-24010	Trust: 0.1

sources: CERT/CC: VU#438176 // VULHUB: VHN-24010 // BID: 22330 // JVNDB: JVNDB-2007-000112 // CNNVD: CNNVD-200701-564 // NVD: CVE-2007-0648

REFERENCES

url:	http://www.securityfocus.com/bid/22330	Trust: 3.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/438176	Trust: 2.8
url:	http://secunia.com/advisories/23978	Trust: 2.5
url:	http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml	Trust: 1.7
url:	http://securitytracker.com/id?1017575	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2007/0428	Trust: 1.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5138	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0428	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31990	Trust: 1.1
url:	http://www.cisco.com/en/us/products/products_security_response09186a00807d36f5.html	Trust: 0.8
url:	http://secunia.com/advisories/23978/	Trust: 0.8
url:	http://www.cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/bgsipov.htm	Trust: 0.8
url:	http://tools.ietf.org/html/rfc2543	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/jan/1017575.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0648	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2007/at070003.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23438176/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0648	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/31990	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5138	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	/archive/1/458661	Trust: 0.3

sources: CERT/CC: VU#438176 // VULHUB: VHN-24010 // BID: 22330 // JVNDB: JVNDB-2007-000112 // CNNVD: CNNVD-200701-564 // NVD: CVE-2007-0648

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200701-564

SOURCES

db:	CERT/CC	id:	VU#438176
db:	VULHUB	id:	VHN-24010
db:	BID	id:	22330
db:	JVNDB	id:	JVNDB-2007-000112
db:	CNNVD	id:	CNNVD-200701-564
db:	NVD	id:	CVE-2007-0648

LAST UPDATE DATE

2025-04-10T23:14:24.170000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#438176	date:	2007-02-08T00:00:00
db:	VULHUB	id:	VHN-24010	date:	2017-10-11T00:00:00
db:	BID	id:	22330	date:	2015-05-12T19:34:00
db:	JVNDB	id:	JVNDB-2007-000112	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200701-564	date:	2009-03-04T00:00:00
db:	NVD	id:	CVE-2007-0648	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#438176	date:	2007-01-31T00:00:00
db:	VULHUB	id:	VHN-24010	date:	2007-02-01T00:00:00
db:	BID	id:	22330	date:	2007-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2007-000112	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200701-564	date:	2007-01-31T00:00:00
db:	NVD	id:	CVE-2007-0648	date:	2007-02-01T01:28:00