Denial of Service Vulnerability in Cisco IP Phone 7940
CVE-2007-5583

Currently unrated

Key Information:

Vendor: Cisco
Status: Ip Phone 7940
Vendor: CVE Published:; 18 December 2007

Summary

A vulnerability in the Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to trigger a denial of service condition. This occurs through a series of SIP INVITE transactions where the Request-URI does not contain a user name. When exploited, this can lead to the device returning '486 Busy' responses or cause the device to reboot unexpectedly, disrupting VoIP services.

References

http://www.securityfocus.com/bid/26711

vdb-entryx_refsource_BID

http://lists.grok.org.uk/pipermail/full-disclosure/2007-D...

mailing-listx_refsource_FULLDISC

http://lists.grok.org.uk/pipermail/full-disclosure/2007-D...

mailing-listx_refsource_FULLDISC

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 18, 2007
Vulnerability Reserved
Oct 19, 2007