Denial of Service Vulnerability in Cisco IP Phone Models and IOS Versions
CVE-2003-1109

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios; Ip Phone 7940; Ip Phone 7960; Pix Firewall Software
Vendor: CVE Published:; 31 December 2003

Summary

The Session Initiation Protocol (SIP) implementation in various Cisco products is susceptible to a denial of service condition. By sending specially crafted INVITE messages, remote attackers could potentially disrupt service to Cisco IP Phones and IOS versions. This vulnerability affects multiple models, including the Cisco IP Phone 7940 and 7960, as well as multiple versions of Cisco IOS. Exploitation could not only lead to a service disruption but may also allow the execution of arbitrary code, demonstrating the critical importance of addressing this vulnerability as outlined in the OUSPG PROTOS SIP test suite.

References

http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/

x_refsource_MISC

http://www.securitytracker.com/id?1006145

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/warp/public/707/cisco-sa-20030221-pr...

vendor-advisoryx_refsource_CISCO

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Mar 11, 2005
Vulnerability published
Dec 31, 2003