var-200708-0411
Vulnerability from variot
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. Cisco IP Phone 7940 and 7960 There is a service disruption ( Reboot device ) There is a vulnerability that becomes a condition.Service disruption by a third party via: ( Reboot device ) There is a possibility of being put into a state. \"Cisco 7940型IP电话是一种多功能通讯设备,通过IP网络传递语音信号. Cisco 7940在处理特定的请求序列时存在漏洞,远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了以下3个消息序列的话: X ------------------------- INVITE -----------------------> Cisco X <--- 481 transaction does not exists ----- Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------------- OK ------------------------- Cisco X <--- 481 transaction does not exists ----- Cisco X ------------------------- OPTIONS--------------------> Cisco 或发送以下10个消息序列的话: X ------------------------- INVITE -----------------------> Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------- 200 OK ------------------------- Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------- 200 OK ------------------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X ------------------------- INVITE -----------------------> Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------- 404 Not Found ------------------ Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X <--------------- 400 Bad Request --------------- Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------- 200 OK ------------------------- Cisco X ------------------------- INVITE -----------------------> Cisco X <----------------100 Trying ------------------------- Cisco X <--------------- 404 Not Found ------------------ Cisco X <--------------- 404 Not Found ------------------ Cisco X <--------------- 404 Not Found ------------------ Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------- 200 OK ------------------------- Cisco X <--------------- 404 Not Found ------------------ Cisco X ------------------------- OPTIONS--------------------> Cisco X <--------------------- 200 OK ------------------------- Cisco X <--------------- 404 Not Found ------------------ Cisco 就会导致设备重启. \". Cisco 7940/7960 phones are prone to multiple denial-of-service vulnerabilities. A successful attack can allow remote attackers to crash or reboot an affected device. Cisco 7940/7960 devices running firmware P0S3-08-6-00 and prior are reported vulnerable. "Cisco 7940 type IP A telephone is a multifunctional communication device that IP The network transmits voice signals. Cisco 7940 A vulnerability exists in the processing of a specific sequence of requests that could be exploited by a remote attacker to render the device unusable.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Cisco IP Phone 7940 SIP Message Sequence Denial of Service
SECUNIA ADVISORY ID: SA26547
VERIFY ADVISORY: http://secunia.com/advisories/26547/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Cisco IP Phone 7940 http://secunia.com/product/1113/
DESCRIPTION: The Madynes research team at INRIA Lorraine has reported some vulnerabilities in Cisco IP Phone 7940, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to errors within the handling of certain SIP message sequences. These can be exploited to reboot the device by sending a series of specially crafted SIP messages.
The vulnerabilities are reported in firmware version POS3-08-6-00.
SOLUTION: Use only in a trusted network environment.
PROVIDED AND/OR DISCOVERED BY: Madynes research team at INRIA Lorraine
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "voip phone cp-7960",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.70"
},
{
"model": "voip phone cp-7940",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.70"
},
{
"model": "voip phone cp-7940",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "firmware p0s3-08-6-00 and firmware 8.7(0) other less than sip"
},
{
"model": "voip phone cp-7960",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "firmware p0s3-08-6-00 and firmware 8.7(0) other less than sip"
},
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.70"
},
{
"model": "voip phone cp-7960",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.70"
},
{
"model": "voip phone cp-7960",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "voip phone cp-7960",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "voip phone cp-7960",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "voip phone cp-7960",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(0)"
},
{
"model": "voip phone cp-7940",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(0)"
},
{
"model": "voip phone cp-7960",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7(0)"
},
{
"model": "voip phone cp-7940",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7(0)"
}
],
"sources": [
{
"db": "BID",
"id": "25378"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:voip_phone_cp-7940",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:voip_phone_cp-7960",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Radu State\u203b state@loria.fr",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-4459",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-27821",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-4459",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-349",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-27821",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. Cisco IP Phone 7940 and 7960 There is a service disruption ( Reboot device ) There is a vulnerability that becomes a condition.Service disruption by a third party via: ( Reboot device ) There is a possibility of being put into a state. \\\"Cisco 7940\u578bIP\u7535\u8bdd\u662f\u4e00\u79cd\u591a\u529f\u80fd\u901a\u8baf\u8bbe\u5907\uff0c\u901a\u8fc7IP\u7f51\u7edc\u4f20\u9012\u8bed\u97f3\u4fe1\u53f7. \nCisco 7940\u5728\u5904\u7406\u7279\u5b9a\u7684\u8bf7\u6c42\u5e8f\u5217\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u4e0d\u53ef\u7528. \n\u5982\u679c\u5411Cisco 7940 IP\u7535\u8bdd\u53d1\u9001\u4e86\u4ee5\u4e0b3\u4e2a\u6d88\u606f\u5e8f\u5217\u7684\u8bdd\uff1a\nX ------------------------- INVITE -----------------------\uff1e Cisco\nX \uff1c--- 481 transaction does not exists ----- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------------- OK ------------------------- Cisco\nX \uff1c--- 481 transaction does not exists ----- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\n\u6216\u53d1\u9001\u4ee5\u4e0b10\u4e2a\u6d88\u606f\u5e8f\u5217\u7684\u8bdd\uff1a\nX ------------------------- INVITE -----------------------\uff1e Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------- 200 OK ------------------------- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------- 200 OK ------------------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX ------------------------- INVITE -----------------------\uff1e Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX \uff1c--------------- 400 Bad Request --------------- Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------- 200 OK ------------------------- Cisco\nX ------------------------- INVITE -----------------------\uff1e Cisco\nX \uff1c----------------100 Trying ------------------------- Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------- 200 OK ------------------------- Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\nX ------------------------- OPTIONS--------------------\uff1e Cisco\nX \uff1c--------------------- 200 OK ------------------------- Cisco\nX \uff1c--------------- 404 Not Found ------------------ Cisco\n\u5c31\u4f1a\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f. \n\\\". Cisco 7940/7960 phones are prone to multiple denial-of-service vulnerabilities. \nA successful attack can allow remote attackers to crash or reboot an affected device. \nCisco 7940/7960 devices running firmware P0S3-08-6-00 and prior are reported vulnerable. \"Cisco 7940 type IP A telephone is a multifunctional communication device that IP The network transmits voice signals. Cisco 7940 A vulnerability exists in the processing of a specific sequence of requests that could be exploited by a remote attacker to render the device unusable. \n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco IP Phone 7940 SIP Message Sequence Denial of Service\n\nSECUNIA ADVISORY ID:\nSA26547\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26547/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCisco IP Phone 7940\nhttp://secunia.com/product/1113/\n\nDESCRIPTION:\nThe Madynes research team at INRIA Lorraine has reported some\nvulnerabilities in Cisco IP Phone 7940, which can be exploited by\nmalicious people to cause a DoS (Denial of Service). \n\nThe vulnerabilities are caused due to errors within the handling of\ncertain SIP message sequences. These can be exploited to reboot the\ndevice by sending a series of specially crafted SIP messages. \n\nThe vulnerabilities are reported in firmware version POS3-08-6-00. \n\nSOLUTION:\nUse only in a trusted network environment. \n\nPROVIDED AND/OR DISCOVERED BY:\nMadynes research team at INRIA Lorraine\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4459"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "BID",
"id": "25378"
},
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "PACKETSTORM",
"id": "58747"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-27821",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4459",
"trust": 2.8
},
{
"db": "BID",
"id": "25378",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26547",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1018591",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3042",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "36695",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2928",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534",
"trust": 0.8
},
{
"db": "XF",
"id": "36125",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20070821 MULTIPLE SIP VULNERABILITIES IN THE CISCO 7960 IP PHONES",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070820 10 MESSAGES SIP REMOTE DOS ON CISCO 7940 SIP PHONE",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070820 3 MESSSAGES ATTACK REMOTE DOS ON CISCO 7940",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "4297",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "4298",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-27821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "BID",
"id": "25378"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "PACKETSTORM",
"id": "58747"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"id": "VAR-200708-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:28:13.660000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Document ID: 592",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070821-sip"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065401.html"
},
{
"trust": 1.8,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065402.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25378"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/36695"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018591"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26547"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3042"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2928"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36125"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4459"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4459"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2928"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36125"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/hw/phones/ps379/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_response09186a00808a6693.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1113/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26547/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "BID",
"id": "25378"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "PACKETSTORM",
"id": "58747"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27821"
},
{
"db": "BID",
"id": "25378"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"db": "PACKETSTORM",
"id": "58747"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-27821"
},
{
"date": "2007-08-20T00:00:00",
"db": "BID",
"id": "25378"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"date": "2007-08-21T20:53:35",
"db": "PACKETSTORM",
"id": "58747"
},
{
"date": "2007-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"date": "2007-08-21T21:17:00",
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-27821"
},
{
"date": "2015-04-16T18:09:00",
"db": "BID",
"id": "25378"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002534"
},
{
"date": "2007-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-349"
},
{
"date": "2024-11-21T00:35:39.153000",
"db": "NVD",
"id": "CVE-2007-4459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phone 7940 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-349"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.