ID CVE-2007-4294
Summary Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
References
Vulnerable Configurations
  • Cisco IOS 12.0
    cpe:2.3:o:cisco:ios:12.0
  • Cisco IOS 12.1
    cpe:2.3:o:cisco:ios:12.1
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
  • Cisco IOS 12.3
    cpe:2.3:o:cisco:ios:12.3
  • Cisco IOS 12.4
    cpe:2.3:o:cisco:ios:12.4
  • Cisco Unified Communications Manager 5.0
    cpe:2.3:a:cisco:unified_communications_manager:5.0
  • Cisco Unified Communications Manager 5.1
    cpe:2.3:a:cisco:unified_communications_manager:5.1
  • Cisco Unified Communications Manager 6.0
    cpe:2.3:a:cisco:unified_communications_manager:6.0
CVSS
Base: 6.8 (as of 10-08-2007 - 13:16)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
NASL family CISCO
NASL id CISCO-SA-20070808-IOS-VOICE.NASL
description Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
  • Session Initiation Protocol (SIP)
  • Media Gateway Control Protocol (MGCP)
  • Signaling protocols H.323, H.254
  • Real-time Transport Protocol (RTP)
  • Facsimile reception
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
last seen 2019-02-21
modified 2018-11-15
plugin id 49007
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49007
title Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager - Cisco Systems
oval via4
accepted 2010-06-14T04:00:04.080-04:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name KASHIF LATIF
    organization DTCC
description Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
family ios
id oval:org.mitre.oval:def:5851
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution Vulnerability
version 6
refmap via4
bid 25239
cisco 20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
osvdb 36693
sectrack 1018538
secunia 26362
vupen ADV-2007-2816
Last major update 07-03-2011 - 21:58
Published 09-08-2007 - 17:17
Last modified 28-09-2017 - 21:29