CVE-2005-2181

7.5HIGH

Key Information:

Vendor: Cisco
Status: 7960 Router; 7940 Router
Vendor: CVE Published:; 11 July 2005

Summary

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

References

http://www.securitytracker.com/alerts/2005/Jul/1014406.html

vdb-entryx_refsource_SECTRACK

http://marc.info/?l=bugtraq&m=112067698624686&w=2

mailing-listx_refsource_BUGTRAQ

http://pentest.tele-consulting.com/advisories/05_07_06_vo...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2005
Vulnerability Reserved
Jul 10, 2005