CVE-2006-5231 - Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause

CVE-2006-5231

Summary

Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.

References

Vulnerable Configurations

cpe:2.3:h:grandstream:gxp-2000:1.1.0.5:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp-2000:1.1.0.5:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	20356
fulldisc	20061005 (0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS
misc	http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf
secunia	22265
sreason	1718
vupen	ADV-2006-3941
xf	grandstream-udp-dos(29356)

Last major update

20-07-2017 - 01:33

Published

11-10-2006 - 00:07

Last modified

20-07-2017 - 01:33