Remote Denial of Service in Cisco IP Phone 7940 and 7960 Firmware
CVE-2007-4459

Currently unrated

Key Information:

Vendor: Cisco
Status: Voip Phone Cp-7940; Voip Phone Cp-7960
Vendor: CVE Published:; 21 August 2007

What is CVE-2007-4459?

The vulnerability in Cisco IP Phone 7940 and 7960 allows remote attackers to execute a denial of service attack, specifically causing a device reboot. This can be achieved through a specific manipulation of SIP (Session Initiation Protocol) messages. By sending a sequence of ten invalid SIP INVITE and OPTIONS messages, or an invalid SIP INVITE message containing a remote tag followed by two particular SIP OPTIONS messages, an attacker can disrupt the normal operation of these devices. This poses significant implications for businesses relying on these communication tools.

References

http://www.securityfocus.com/bid/25378

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/36125

vdb-entryx_refsource_XF

http://www.cisco.com/warp/public/707/cisco-sr-20070821-si...

vendor-advisoryx_refsource_CISCO

EPSS Score

70% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2007
Vulnerability Reserved
Aug 21, 2007