CVE-2007-4292 - Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of ser

CVE-2007-4292

Summary

Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.

References

Vulnerable Configurations

cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2010-06-14T04:00:03.752-04:00

class

vulnerability

contributors

name Yuzheng Zhou
organization Hewlett-Packard
name KASHIF LATIF
organization DTCC

description

family

ios

oval:org.mitre.oval:def:5781

status

accepted

submitted

2008-05-26T11:06:36.000-04:00

title

Cisco IOS Session Initiation Protocol (SIP) Packet DoS Vulnerability

version

refmap via4

bid	25239
cisco	20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
osvdb	36670 36671 36672 36673 36674 36675 36676
sectrack	1018533
secunia	26363
vupen	ADV-2007-2816
xf	cisco-ios-sip-dos(35890)

Last major update

29-09-2017 - 01:29

Published

09-08-2007 - 21:17

Last modified

29-09-2017 - 01:29