ID

VAR-200710-0057


CVE

CVE-2007-5411


TITLE

Linksys SPA941 VoIP Phone Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-004506

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.

Linksys SPA941 devices are prone to an HTML-injection vulnerability because the built-in web server fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Linksys SPA941 devices with firmware version 5.1.8 are vulnerable; other versions may also be affected.

TITLE: Linksys SPA941 Script Insertion Vulnerability
SECUNIA ADVISORY ID: SA27116
VERIFY ADVISORY: http://secunia.com/advisories/27116/
CRITICAL: Moderately critical
IMPACT: Cross Site Scripting
WHERE: From remote
OPERATING SYSTEM: Linksys SPA941 VoIP Phone http://secunia.com/product/14032/
DESCRIPTION: Radu State has reported a vulnerability in Linksys SPA941, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "From" field in a SIP message is not properly sanitised before being displayed in the integrated web interface of the device.
SOLUTION: Do not use the call history in the integrated web interface.
PROVIDED AND/OR DISCOVERED BY: Radu State
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066430.html

Trust: 2.07

sources: NVD: CVE-2007-5411 // JVNDB: JVNDB-2007-004506 // BID: 25987 // VULHUB: VHN-28773 // PACKETSTORM: 60069

AFFECTED PRODUCTS

vendor: linksys, model: spa941, scope: eq, version: *

Trust: 1.0

vendor: cisco linksys, model: spa941, scope: eq, version: 5.1.8

Trust: 0.8

vendor: linksys, model: spa941, scope: eq, version: 5.1.8_firmware

Trust: 0.6

vendor: linksys, model: spa941 voip phone, scope: eq, version: 5.1.8

Trust: 0.3

vendor: linksys, model: spa941 voip phone, scope: eq, version: 0

Trust: 0.3

sources: BID: 25987 // JVNDB: JVNDB-2007-004506 // CNNVD: CNNVD-200710-250 // NVD: CVE-2007-5411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5411
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200710-250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28773
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-5411
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28773
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28773 // JVNDB: JVNDB-2007-004506 // CNNVD: CNNVD-200710-250 // NVD: CVE-2007-5411

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-28773 // JVNDB: JVNDB-2007-004506 // NVD: CVE-2007-5411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-250

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200710-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004506

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28773

PATCH

title: Linksys, url: http://home.cisco.com/en-apac/home

Trust: 0.8

sources: JVNDB: JVNDB-2007-004506

EXTERNAL IDS

db: NVD, id: CVE-2007-5411

Trust: 2.8

db: BID, id: 25987

Trust: 2.0

db: SECUNIA, id: 27116

Trust: 1.8

db: JVNDB, id: JVNDB-2007-004506

Trust: 0.8

db: XF, id: 37022

Trust: 0.6

db: FULLDISC, id: 20071009 OWNING THE INTERNAL NETWORK WITH SIP (PART 1) AND A LINKSYS PHONE

Trust: 0.6

db: CNNVD, id: CNNVD-200710-250

Trust: 0.6

db: EXPLOIT-DB, id: 30650

Trust: 0.1

db: VULHUB, id: VHN-28773

Trust: 0.1

db: PACKETSTORM, id: 60069

Trust: 0.1

sources: VULHUB: VHN-28773 // BID: 25987 // JVNDB: JVNDB-2007-004506 // PACKETSTORM: 60069 // CNNVD: CNNVD-200710-250 // NVD: CVE-2007-5411

REFERENCES

url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-october/066430.html

Trust: 2.1

url:http://www.securityfocus.com/bid/25987

Trust: 1.7

url:http://secunia.com/advisories/27116

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/37022

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5411

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5411

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/37022

Trust: 0.6

url:http://www.linksys.com/servlet/satellite?c=l_product_c2&childpagename=us%2flayout&cid=1139414816993&pagename=linksys%2fcommon%2fvisitorwrapper&lid=1699354250b08

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/14032/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/27116/

Trust: 0.1

sources: VULHUB: VHN-28773 // BID: 25987 // JVNDB: JVNDB-2007-004506 // PACKETSTORM: 60069 // CNNVD: CNNVD-200710-250 // NVD: CVE-2007-5411

CREDITS

Radu State

Trust: 0.6

sources: CNNVD: CNNVD-200710-250

SOURCES

db: VULHUB, id: VHN-28773
db: BID, id: 25987
db: JVNDB, id: JVNDB-2007-004506
db: PACKETSTORM, id: 60069
db: CNNVD, id: CNNVD-200710-250
db: NVD, id: CVE-2007-5411

LAST UPDATE DATE

2025-04-10T23:11:34.652000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28773, date: 2017-07-29T00:00:00
db: BID, id: 25987, date: 2015-05-07T17:35:00
db: JVNDB, id: JVNDB-2007-004506, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200710-250, date: 2007-10-24T00:00:00
db: NVD, id: CVE-2007-5411, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28773, date: 2007-10-12T00:00:00
db: BID, id: 25987, date: 2007-10-09T00:00:00
db: JVNDB, id: JVNDB-2007-004506, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 60069, date: 2007-10-13T01:32:46
db: CNNVD, id: CNNVD-200710-250, date: 2007-10-12T00:00:00
db: NVD, id: CVE-2007-5411, date: 2007-10-12T18:17:00