Details of VAR-200708-0411

ID

VAR-200708-0411

CVE

CVE-2007-4459

TITLE

Cisco IP Phone 7940 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002534

DESCRIPTION

Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. Cisco IP Phone 7940 and 7960 There is a service disruption ( Reboot device ) There is a vulnerability that becomes a condition.Service disruption by a third party via: ( Reboot device ) There is a possibility of being put into a state. \"Cisco 7940型IP电话是一种多功能通讯设备，通过IP网络传递语音信号. Cisco 7940在处理特定的请求序列时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了以下3个消息序列的话： X ------------------------- INVITE -----------------------＞ Cisco X ＜--- 481 transaction does not exists ----- Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------------- OK ------------------------- Cisco X ＜--- 481 transaction does not exists ----- Cisco X ------------------------- OPTIONS--------------------＞ Cisco 或发送以下10个消息序列的话： X ------------------------- INVITE -----------------------＞ Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------- 200 OK ------------------------- Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------- 200 OK ------------------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ------------------------- INVITE -----------------------＞ Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------- 404 Not Found ------------------ Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ＜--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------- 200 OK ------------------------- Cisco X ------------------------- INVITE -----------------------＞ Cisco X ＜----------------100 Trying ------------------------- Cisco X ＜--------------- 404 Not Found ------------------ Cisco X ＜--------------- 404 Not Found ------------------ Cisco X ＜--------------- 404 Not Found ------------------ Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------- 200 OK ------------------------- Cisco X ＜--------------- 404 Not Found ------------------ Cisco X ------------------------- OPTIONS--------------------＞ Cisco X ＜--------------------- 200 OK ------------------------- Cisco X ＜--------------- 404 Not Found ------------------ Cisco 就会导致设备重启. \". Cisco 7940/7960 phones are prone to multiple denial-of-service vulnerabilities. A successful attack can allow remote attackers to crash or reboot an affected device. Cisco 7940/7960 devices running firmware P0S3-08-6-00 and prior are reported vulnerable. "Cisco 7940 type IP A telephone is a multifunctional communication device that IP The network transmits voice signals. Cisco 7940 A vulnerability exists in the processing of a specific sequence of requests that could be exploited by a remote attacker to render the device unusable. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IP Phone 7940 SIP Message Sequence Denial of Service SECUNIA ADVISORY ID: SA26547 VERIFY ADVISORY: http://secunia.com/advisories/26547/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: Cisco IP Phone 7940 http://secunia.com/product/1113/ DESCRIPTION: The Madynes research team at INRIA Lorraine has reported some vulnerabilities in Cisco IP Phone 7940, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors within the handling of certain SIP message sequences. These can be exploited to reboot the device by sending a series of specially crafted SIP messages. The vulnerabilities are reported in firmware version POS3-08-6-00. SOLUTION: Use only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Madynes research team at INRIA Lorraine ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2007-4459 // JVNDB: JVNDB-2007-002534 // CNNVD: CNNVD-200708-349 // BID: 25378 // VULHUB: VHN-27821 // PACKETSTORM: 58747

AFFECTED PRODUCTS

vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	voip phone cp-7940	scope:	lte	version:	8.70	Trust: 1.0
vendor:	cisco	model:	voip phone cp-7960	scope:	lte	version:	8.70	Trust: 1.0
vendor:	cisco	model:	voip phone cp-7940	scope:	lt	version:	firmware p0s3-08-6-00 and firmware 8.7(0) other less than sip	Trust: 0.8
vendor:	cisco	model:	voip phone cp-7960	scope:	lt	version:	firmware p0s3-08-6-00 and firmware 8.7(0) other less than sip	Trust: 0.8
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	8.70	Trust: 0.6
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	8.70	Trust: 0.6
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	8.6(0)	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	8.6(0)	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7960	scope:	ne	version:	8.7(0)	Trust: 0.3
vendor:	cisco	model:	voip phone cp-7940	scope:	ne	version:	8.7(0)	Trust: 0.3

sources: BID: 25378 // JVNDB: JVNDB-2007-002534 // NVD: CVE-2007-4459 // CNNVD: CNNVD-200708-349

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-4459
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-200708-349
value:	HIGH
Trust: 0.6
VULHUB:	VHN-27821
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-4459
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-27821
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27821 // JVNDB: JVNDB-2007-002534 // NVD: CVE-2007-4459 // CNNVD: CNNVD-200708-349

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-27821 // JVNDB: JVNDB-2007-002534 // NVD: CVE-2007-4459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-349

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200708-349

CONFIGURATIONS

sources: NVD: CVE-2007-4459

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-27821

PATCH

title:

Document ID: 592

url:

http://tools.cisco.com/security/center/content/ciscosecurityresponse/cisco-sr-20070821-sip

Trust: 0.8

sources: JVNDB: JVNDB-2007-002534

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4459	Trust: 2.8
db:	BID	id:	25378	Trust: 2.0
db:	SECUNIA	id:	26547	Trust: 1.8
db:	SECTRACK	id:	1018591	Trust: 1.7
db:	SREASON	id:	3042	Trust: 1.7
db:	OSVDB	id:	36695	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2928	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002534	Trust: 0.8
db:	XF	id:	36125	Trust: 0.6
db:	CISCO	id:	20070821 MULTIPLE SIP VULNERABILITIES IN THE CISCO 7960 IP PHONES	Trust: 0.6
db:	FULLDISC	id:	20070820 10 MESSAGES SIP REMOTE DOS ON CISCO 7940 SIP PHONE	Trust: 0.6
db:	FULLDISC	id:	20070820 3 MESSSAGES ATTACK REMOTE DOS ON CISCO 7940	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-349	Trust: 0.6
db:	EXPLOIT-DB	id:	4297	Trust: 0.1
db:	EXPLOIT-DB	id:	4298	Trust: 0.1
db:	VULHUB	id:	VHN-27821	Trust: 0.1
db:	PACKETSTORM	id:	58747	Trust: 0.1

sources: VULHUB: VHN-27821 // BID: 25378 // JVNDB: JVNDB-2007-002534 // PACKETSTORM: 58747 // NVD: CVE-2007-4459 // CNNVD: CNNVD-200708-349

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065401.html	Trust: 1.8
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065402.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/25378	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml	Trust: 1.7
url:	http://www.osvdb.org/36695	Trust: 1.7
url:	http://securitytracker.com/id?1018591	Trust: 1.7
url:	http://secunia.com/advisories/26547	Trust: 1.7
url:	http://securityreason.com/securityalert/3042	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2928	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36125	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4459	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4459	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/2928	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/36125	Trust: 0.6
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/index.html	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_response09186a00808a6693.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/1113/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/26547/	Trust: 0.1

sources: VULHUB: VHN-27821 // BID: 25378 // JVNDB: JVNDB-2007-002534 // PACKETSTORM: 58747 // NVD: CVE-2007-4459 // CNNVD: CNNVD-200708-349

CREDITS

Radu State※ state@loria.fr

Trust: 0.6

sources: CNNVD: CNNVD-200708-349

SOURCES

db:	VULHUB	id:	VHN-27821
db:	BID	id:	25378
db:	JVNDB	id:	JVNDB-2007-002534
db:	PACKETSTORM	id:	58747
db:	NVD	id:	CVE-2007-4459
db:	CNNVD	id:	CNNVD-200708-349

LAST UPDATE DATE

2023-12-18T13:25:39.863000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27821	date:	2017-07-29T00:00:00
db:	BID	id:	25378	date:	2015-04-16T18:09:00
db:	JVNDB	id:	JVNDB-2007-002534	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-4459	date:	2017-07-29T01:32:57.193
db:	CNNVD	id:	CNNVD-200708-349	date:	2007-08-23T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27821	date:	2007-08-21T00:00:00
db:	BID	id:	25378	date:	2007-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2007-002534	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	58747	date:	2007-08-21T20:53:35
db:	NVD	id:	CVE-2007-4459	date:	2007-08-21T21:17:00
db:	CNNVD	id:	CNNVD-200708-349	date:	2007-08-21T00:00:00