Executive Summary
Summary | |
---|---|
Title | Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager |
Informations | |||
---|---|---|---|
Name | cisco-sa-20070808-IOS-voice | First vendor Publication | 2007-08-01 |
Vendor | Cisco | Last vendor Modification | 2007-08-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features: |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5075 | |||
Oval ID: | oval:org.mitre.oval:def:5075 | ||
Title: | Cisco IOS Session Initiation Protocol (SIP) Packet Code Execution Vulnerability | ||
Description: | Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4295 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5570 | |||
Oval ID: | oval:org.mitre.oval:def:5570 | ||
Title: | Cisco IOS H.323 Packet DoS Vulnerability, Media Gateway Control Protocol Packet DoS Vulnerability and Real-time Transport Protocol Packet DoS Vulnerability | ||
Description: | Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4291 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5781 | |||
Oval ID: | oval:org.mitre.oval:def:5781 | ||
Title: | Cisco IOS Session Initiation Protocol (SIP) Packet DoS Vulnerability | ||
Description: | Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4292 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5801 | |||
Oval ID: | oval:org.mitre.oval:def:5801 | ||
Title: | Cisco IOS Media Gateway Control Protocol Packet DoS Vulnerability and Facsimile Reception Overly Large Packet DoS Vulnerability | ||
Description: | Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4293 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5851 | |||
Oval ID: | oval:org.mitre.oval:def:5851 | ||
Title: | Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution Vulnerability | ||
Description: | Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4294 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Os | 5 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36693 | Cisco Unified Communications Manager (CUCM) Crafted SIP Packet Remote Code Ex... |
36681 | Cisco IOS I/O Memory Corruption Unspecified DoS |
36680 | Cisco IOS VOIP RTP Lib Unspecified DoS |
36679 | Cisco IOS malformed Real-time Transport Protocol (RTP) Packet Remote DoS |
36678 | Cisco IOS Proxy Unregistration Malformed H.323 Packet Remote DoS |
36677 | Cisco IOS Malformed MGCP Packet Remote DoS |
36676 | Cisco IOS Malformed SIP Packet Remote DoS (CSCsf11855) |
36675 | Cisco IOS Malformed SIP Packet Remote DoS (CSCeb21064) |
36674 | Cisco IOS Malformed SIP Packet Remote DoS (CSCse40276) |
36673 | Cisco IOS Malformed SIP Packet Remote DoS (CSCse68355) |
36672 | Cisco IOS Malformed SIP Packet Remote Memory Leak DoS (CSCsf30058) |
36671 | Cisco IOS Malformed SIP Packet Remote Memory Corruption (CSCsb24007) |
36670 | Cisco IOS Malformed SIP Packet Remote DoS (CSCsc60249) |
36669 | Cisco IOS Malformed MGCP Message Remote DoS |
36668 | Cisco IOS Large Facsimile Packet Remote DoS |
36667 | Cisco IOS Voice Service SIP Packet Unspecified Remote Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-IOS-voice.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:21:51 |
|