Details of VAR-200706-0410

ID

VAR-200706-0410

CVE

CVE-2007-3349

TITLE

Aastra 9112i SIP Phone SIP Message Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 24537 // CNNVD: CNNVD-200706-390

DESCRIPTION

The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) via a malformed SIP message of a certain other length. Aastra 9112i IP phone is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP messages. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. This issue affects firmware 1.4.0.1048, boot version: 1.1.0.10

Trust: 1.98

sources: NVD: CVE-2007-3349 // JVNDB: JVNDB-2007-002227 // BID: 24537 // VULHUB: VHN-26711

AFFECTED PRODUCTS

vendor:	aastra telecom	model:	9112i sip phone	scope:	eq	version:	1.4.0.1048	Trust: 1.6
vendor:	aastra telecom	model:	9112i sip phone	scope:	eq	version:	1.4.0.1048 and boot version 1.1.0.10	Trust: 0.8
vendor:	aastra	model:	9112i sip phone	scope:	eq	version:	1.4.0.1048	Trust: 0.3
vendor:	aastra	model:	9112i sip phone	scope:	eq	version:	0	Trust: 0.3

sources: BID: 24537 // JVNDB: JVNDB-2007-002227 // CNNVD: CNNVD-200706-390 // NVD: CVE-2007-3349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3349
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-3349
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200706-390
value:	HIGH
Trust: 0.6
VULHUB:	VHN-26711
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-3349
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26711
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26711 // JVNDB: JVNDB-2007-002227 // CNNVD: CNNVD-200706-390 // NVD: CVE-2007-3349

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-390

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200706-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002227

PATCH

title:

Top Page

url:

http://www.aastratelecom.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002227

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3349	Trust: 2.8
db:	BID	id:	24537	Trust: 2.0
db:	VUPEN	id:	ADV-2007-2318	Trust: 1.7
db:	OSVDB	id:	37496	Trust: 1.7
db:	SECUNIA	id:	25806	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002227	Trust: 0.8
db:	CNNVD	id:	CNNVD-200706-390	Trust: 0.7
db:	XF	id:	35060	Trust: 0.6
db:	VULHUB	id:	VHN-26711	Trust: 0.1

sources: VULHUB: VHN-26711 // BID: 24537 // JVNDB: JVNDB-2007-002227 // CNNVD: CNNVD-200706-390 // NVD: CVE-2007-3349

REFERENCES

url:	http://www.securityfocus.com/bid/24537	Trust: 1.7
url:	http://osvdb.org/37496	Trust: 1.7
url:	http://secunia.com/advisories/25806	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2318	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35060	Trust: 1.1
url:	http://www.sipera.com/index.php?action=resources%2cthreat_advisory&tid=277&	Trust: 1.0
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=277&	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3349	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3349	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/35060	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2318	Trust: 0.6
url:	http://www.aastratelecom.com/cps/rde/xchg/sid-3d8ccb73-77b439fd/03/hs.xsl/18236.htm	Trust: 0.3
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=277&	Trust: 0.1

sources: VULHUB: VHN-26711 // BID: 24537 // JVNDB: JVNDB-2007-002227 // CNNVD: CNNVD-200706-390 // NVD: CVE-2007-3349

CREDITS

Sipera VIPER Lab is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 24537 // CNNVD: CNNVD-200706-390

SOURCES

db:	VULHUB	id:	VHN-26711
db:	BID	id:	24537
db:	JVNDB	id:	JVNDB-2007-002227
db:	CNNVD	id:	CNNVD-200706-390
db:	NVD	id:	CVE-2007-3349

LAST UPDATE DATE

2025-04-10T23:19:07.804000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26711	date:	2017-07-29T00:00:00
db:	BID	id:	24537	date:	2007-06-26T23:38:00
db:	JVNDB	id:	JVNDB-2007-002227	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-390	date:	2007-06-25T00:00:00
db:	NVD	id:	CVE-2007-3349	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26711	date:	2007-06-22T00:00:00
db:	BID	id:	24537	date:	2007-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2007-002227	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-390	date:	2007-06-22T00:00:00
db:	NVD	id:	CVE-2007-3349	date:	2007-06-22T18:30:00