Details of VAR-200712-0412

ID

VAR-200712-0412

CVE

CVE-2007-5583

TITLE

Cisco IP Phone 7940 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002810

DESCRIPTION

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. Cisco 7940型IP电话是一种多功能通讯设备，通过IP网络传递语音信号. Cisco 7940在处理畸形INVITE消息时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了一系列SIP INVITE消息的话，就可能导致设备看起来在正常工作而实际上无法接收或发起呼叫，继续发送INVITE消息的话就会导致设备重启. 攻击者所发送的SIP INVITE消息中的Request-URI部分应不包含有用户名，如INVITE sip：XXX.XXX.XXX.XXX SIP/2.0。需要发送6次才能导致设备拒绝服务，如下所示： X ----------------------- INVITE (Call-ID ＃1) -----------------------＞ Cisco 7940 X ＜------------------ 100 Trying (Call-ID ＃1) --------------------- Cisco 7940 .... --------5 New Dialogs like the previous-------- .... X ----------------------- INVITE (Call-ID ＃7) -----------------------＞ Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃7) --------------------- Cisco 7940 -------- DoS for aproximatly 3 minutes ------ X ＜------------------ 486 Busy (Call-ID ＃1) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃2) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃3) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃4) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃5) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃6) --------------------- Cisco 7940. Cisco 7940 SIP phones are prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device to fail to respond to further call requests and to potentially crash, denying service to legitimate users. This issue affects version P0S3-08-7-00 of Cisco 7940 SIP phones; other versions may also be affected. Cisco 7940 has a loophole when processing malformed INVITE messages. Remote attackers may use this loophole to make the device unavailable. The Request-URI part of the SIP INVITE message sent by the attacker should not contain the user name, such as INVITE sip:XXX.XXX.XXX.XXX SIP/2.0. It needs to be sent 6 times to cause the device to deny service, as follows: X ----------------------- INVITE (Call-ID #1) ---- -------------------> Cisco 7940 X <------------------ 100 Trying (Call-ID #1 ) --------------------- Cisco 7940 ...

Trust: 2.52

sources: NVD: CVE-2007-5583 // JVNDB: JVNDB-2007-002810 // CNNVD: CNNVD-200712-207 // BID: 26711 // VULHUB: VHN-28945

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 7940	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ip phone 7940	scope:	eq	version:	firmware p0 s3-08-7-00	Trust: 0.8
vendor:	cisco	model:	ip phone 7940	scope:	eq	version:	firmware_p0s3-08-7-00	Trust: 0.6
vendor:	cisco	model:	ip phone	scope:	eq	version:	7940	Trust: 0.3

sources: BID: 26711 // JVNDB: JVNDB-2007-002810 // NVD: CVE-2007-5583 // CNNVD: CNNVD-200712-207

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-5583
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-200712-207
value:	HIGH
Trust: 0.6
VULHUB:	VHN-28945
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-5583
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-28945
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28945 // JVNDB: JVNDB-2007-002810 // NVD: CVE-2007-5583 // CNNVD: CNNVD-200712-207

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-28945 // JVNDB: JVNDB-2007-002810 // NVD: CVE-2007-5583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-207

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200712-207

CONFIGURATIONS

sources: NVD: CVE-2007-5583

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28945

PATCH

title:

Top Page

url:

https://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002810

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5583	Trust: 2.8
db:	BID	id:	26711	Trust: 2.0
db:	EXPLOIT-DB	id:	4692	Trust: 1.7
db:	SECTRACK	id:	1019059	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002810	Trust: 0.8
db:	FULLDISC	id:	20071208 RE: CISCO PHONE 7940 REMOTE DOS	Trust: 0.6
db:	FULLDISC	id:	20071208 CISCO PHONE 7940 REMOTE DOS	Trust: 0.6
db:	FULLDISC	id:	20071205 CISCO PHONE 7940 REMOTE DOS	Trust: 0.6
db:	NSFOCUS	id:	11234	Trust: 0.6
db:	MILW0RM	id:	4692	Trust: 0.6
db:	XF	id:	38853	Trust: 0.6
db:	CNNVD	id:	CNNVD-200712-207	Trust: 0.6
db:	VULHUB	id:	VHN-28945	Trust: 0.1

sources: VULHUB: VHN-28945 // BID: 26711 // JVNDB: JVNDB-2007-002810 // NVD: CVE-2007-5583 // CNNVD: CNNVD-200712-207

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/058837.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/26711	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/058932.html	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2007/dec/0196.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1019059	Trust: 1.7
url:	https://www.exploit-db.com/exploits/4692	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38853	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5583	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5583	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/38853	Trust: 0.6
url:	http://www.milw0rm.com/exploits/4692	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/11234	Trust: 0.6
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/index.html	Trust: 0.3
url:	http://lists.virus.org/full-disclosure-0712/msg00195.html	Trust: 0.3

sources: VULHUB: VHN-28945 // BID: 26711 // JVNDB: JVNDB-2007-002810 // NVD: CVE-2007-5583 // CNNVD: CNNVD-200712-207

CREDITS

Radu State state@loria.fr

Trust: 0.6

sources: CNNVD: CNNVD-200712-207

SOURCES

db:	VULHUB	id:	VHN-28945
db:	BID	id:	26711
db:	JVNDB	id:	JVNDB-2007-002810
db:	NVD	id:	CVE-2007-5583
db:	CNNVD	id:	CNNVD-200712-207

LAST UPDATE DATE

2023-12-18T13:10:19.856000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28945	date:	2017-09-29T00:00:00
db:	BID	id:	26711	date:	2007-12-11T03:52:00
db:	JVNDB	id:	JVNDB-2007-002810	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-5583	date:	2017-09-29T01:29:38.783
db:	CNNVD	id:	CNNVD-200712-207	date:	2007-12-18T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28945	date:	2007-12-18T00:00:00
db:	BID	id:	26711	date:	2007-12-05T00:00:00
db:	JVNDB	id:	JVNDB-2007-002810	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-5583	date:	2007-12-18T01:46:00
db:	CNNVD	id:	CNNVD-200712-207	date:	2007-12-17T00:00:00