9.3 - cisco-sa-20070808-IOS-voice

Executive Summary

Summary
Title	Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

Informations
Name	cisco-sa-20070808-IOS-voice	First vendor Publication	2007-08-01
Vendor	Cisco	Last vendor Modification	2007-08-20
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5075

Oval ID:	oval:org.mitre.oval:def:5075
Title:	Cisco IOS Session Initiation Protocol (SIP) Packet Code Execution Vulnerability
Description:	Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2007-4295	Version:	3
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
IOS vulnerable versions AND NOT IOS vulnerable versions AND SIP Line Test SIP Test using ip socket. config contains: 5060 AND SIP Test using Tcp brief all. result contains: 5060 AND SIP Test using runnning config. result contains: 5060

Definition Id: oval:org.mitre.oval:def:5570

Oval ID:	oval:org.mitre.oval:def:5570
Title:	Cisco IOS H.323 Packet DoS Vulnerability, Media Gateway Control Protocol Packet DoS Vulnerability and Real-time Transport Protocol Packet DoS Vulnerability
Description:	Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2007-4291	Version:	1
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
IOS vulnerable versions AND NOT IOS vulnerable versions AND config contains: proxy h323 AND config contains: ip inspect name \S+ h323 AND config contains: service mgcpapp

Definition Id: oval:org.mitre.oval:def:5781

Oval ID:	oval:org.mitre.oval:def:5781
Title:	Cisco IOS Session Initiation Protocol (SIP) Packet DoS Vulnerability
Description:	Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2007-4292	Version:	3
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
Cisco ISO Version Tests IOS vulnerable versions AND NOT IOS vulnerable versions AND SIP Line Test SIP Test using ip socket. config contains: 5060 .may generate few false positive AND SIP Test using Tcp brief all. result contains: 5060 AND SIP Test using runnning config. result contains: 5060

Definition Id: oval:org.mitre.oval:def:5801

Oval ID:	oval:org.mitre.oval:def:5801
Title:	Cisco IOS Media Gateway Control Protocol Packet DoS Vulnerability and Facsimile Reception Overly Large Packet DoS Vulnerability
Description:	Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2007-4293	Version:	1
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
IOS vulnerable versions AND NOT IOS vulnerable versions AND config contains: service mgcpapp

Definition Id: oval:org.mitre.oval:def:5851

Oval ID:	oval:org.mitre.oval:def:5851
Title:	Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution Vulnerability
Description:	Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2007-4294	Version:	3
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
Cisco ISO version Test IOS vulnerable versions AND NOT IOS vulnerable versions AND SIP Line Test SIP Test using ip socket. config contains: 5060 .may generate few false positive AND SIP Test using Tcp brief all. result contains: 5060 AND SIP Test using runnning config. result contains: 5060

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Unified Communications Manager cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::* cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::* cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*	3
Os	Cisco Ios cpe:2.3:o:cisco:ios:12.4:::::::* cpe:2.3:o:cisco:ios:12.3:::::::* cpe:2.3:o:cisco:ios:12.2:::::::* cpe:2.3:o:cisco:ios:12.1:::::::* cpe:2.3:o:cisco:ios:12.0:::::::*	5

Open Source Vulnerability Database (OSVDB)

Id	Description
36693	Cisco Unified Communications Manager (CUCM) Crafted SIP Packet Remote Code Ex...
36681	Cisco IOS I/O Memory Corruption Unspecified DoS
36680	Cisco IOS VOIP RTP Lib Unspecified DoS
36679	Cisco IOS malformed Real-time Transport Protocol (RTP) Packet Remote DoS
36678	Cisco IOS Proxy Unregistration Malformed H.323 Packet Remote DoS
36677	Cisco IOS Malformed MGCP Packet Remote DoS
36676	Cisco IOS Malformed SIP Packet Remote DoS (CSCsf11855)
36675	Cisco IOS Malformed SIP Packet Remote DoS (CSCeb21064)
36674	Cisco IOS Malformed SIP Packet Remote DoS (CSCse40276)
36673	Cisco IOS Malformed SIP Packet Remote DoS (CSCse68355)
36672	Cisco IOS Malformed SIP Packet Remote Memory Leak DoS (CSCsf30058)
36671	Cisco IOS Malformed SIP Packet Remote Memory Corruption (CSCsb24007)
36670	Cisco IOS Malformed SIP Packet Remote DoS (CSCsc60249)
36669	Cisco IOS Malformed MGCP Message Remote DoS
36668	Cisco IOS Large Facsimile Packet Remote DoS
36667	Cisco IOS Voice Service SIP Packet Unspecified Remote Code Execution

Nessus® Vulnerability Scanner

Date	Description
2010-09-01	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-IOS-voice.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 10:21:51	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	5
CPE ID(s)	8
osvdb(s)	16
Nessus® Exploit(s)	1

	Related
9.3	CVE-2007-4292
7.1	CVE-2007-4293
7.1	CVE-2007-4291
6.8	CVE-2007-4295
6.8	CVE-2007-4294
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

9.3 - cisco-sa-20070808-IOS-voice

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU