ID

VAR-200708-0292

CVE

CVE-2007-4498

TITLE

Grandstream SIP Phone GXV 3000 Service disruption in (DoS) Vulnerabilities

DESCRIPTION

The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. \"GXV-3000是潮流科技(Grandstream)基于SIP和H.264标准的下一代高级IP视频电话. GXV-3000在处理特定的消息序列时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向GXV-3000电话发送了以下两个消息序列的话，就会导致设备拒绝服务： X ----------------------- INVITE -------------------＞ GXV-3000 X ＜------------------ 100 Trying ----------------- GXV-3000 X ＜--------------- 180 Ringing ------------------- GXV-3000 X ------------- 183 Session Progress -------＞ GXV-3000 X ＜-----------RTP - FLOW ------------------------ GXV-3000 \". Grandstream GXV-3000 phones are prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the device to accept a phone while being unable to hang up. This effectively denies service to legitimate users because further calls will not be accepted by the device. "GXV-3000 is Grandstream's next-generation advanced IP video phone based on SIP and H.264 standards. GXV-3000 has a vulnerability when processing a specific message sequence. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Grandstream GXV3000 Eavesdropping and Denial of Service Vulnerability SECUNIA ADVISORY ID: SA26568 VERIFY ADVISORY: http://secunia.com/advisories/26568/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of sensitive information, DoS WHERE: >From remote OPERATING SYSTEM: Grandstream GXV3000 IP Video Phone http://secunia.com/product/15436/ DESCRIPTION: A vulnerability has been reported in the Grandstream GXV3000 IP Video Phone, which can be exploited by malicious people to cause a DoS (Denial of Service) and eavesdrop with vulnerable devices. The vulnerability is reported in firmware version 1.0.1.7. Other versions may also be affected. SOLUTION: Reportedly fixed in version 1.0.1.12. Contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Humberto J. Abdelnur, Radu State, and Olivier Festor ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Design Error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Radu State※ state@loria.fr

SOURCES

LAST UPDATE DATE

2025-04-10T23:05:34.858000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE