Remote Denial of Service in Cisco IP Phone 7940 and 7960 Firmware
CVE-2007-4459

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
21 August 2007

Summary

A vulnerability in the Cisco IP Phone 7940 and 7960 allows remote attackers to cause a denial of service, specifically a device reboot, by sending crafted SIP (Session Initiation Protocol) messages. Either of two message sequences triggers it: a sequence of ten invalid SIP INVITE and OPTIONS messages, or an invalid SIP INVITE message containing a remote tag followed by two particular SIP OPTIONS messages. This has significant implications for businesses relying on these communication tools.

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
