cvelistv5 - cve-2007-5583

CVE-2007-5583 (GCVE-0-2007-5583)

Vulnerability from cvelistv5 – Published: 2007-12-18 01:00 – Updated: 2024-08-07 15:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/26711	vdb-entryx_refsource_BID
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	https://www.exploit-db.com/exploits/4692	exploitx_refsource_EXPLOIT-DB
	http://seclists.org/fulldisclosure/2007/Dec/0196.html	mailing-listx_refsource_FULLDISC
	http://www.securitytracker.com/id?1019059	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26711",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26711"
          },
          {
            "name": "20071208 Cisco Phone 7940 remote DOS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
          },
          {
            "name": "20071205 Cisco Phone 7940 remote DOS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
          },
          {
            "name": "4692",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4692"
          },
          {
            "name": "20071208 Re: Cisco Phone 7940 remote DOS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
          },
          {
            "name": "1019059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019059"
          },
          {
            "name": "cisco-ipphone-invite-dos(38853)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "26711",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26711"
        },
        {
          "name": "20071208 Cisco Phone 7940 remote DOS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
        },
        {
          "name": "20071205 Cisco Phone 7940 remote DOS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
        },
        {
          "name": "4692",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4692"
        },
        {
          "name": "20071208 Re: Cisco Phone 7940 remote DOS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
        },
        {
          "name": "1019059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019059"
        },
        {
          "name": "cisco-ipphone-invite-dos(38853)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2007-5583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26711",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26711"
            },
            {
              "name": "20071208 Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
            },
            {
              "name": "20071205 Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
            },
            {
              "name": "4692",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4692"
            },
            {
              "name": "20071208 Re: Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
            },
            {
              "name": "1019059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019059"
            },
            {
              "name": "cisco-ipphone-invite-dos(38853)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2007-5583",
    "datePublished": "2007-12-18T01:00:00",
    "dateReserved": "2007-10-19T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_7940:*:firmware_p0s3-08-7-00:*:*:*:*:*:*\", \"matchCriteriaId\": \"59AC8379-88A8-455E-AE16-41FF4C42C4A9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\\\"486 Busy\\\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.\"}, {\"lang\": \"es\", \"value\": \"Cisco IP Phone 7940 con firmware P0S3-08-7-00 permite a atacantes remotos provocar denegaci\\u00f3n de servicio (respuesta \\\"486 busy\\\" o reinicio del dispositivo) a trav\\u00e9s de una secuencia de transacciones SIP INVITE en los cuales la  respuesta-URI carece de un nombre de usuario, una vulnerabilidad diferente que CVE-2007-4459.\"}]",
      "id": "CVE-2007-5583",
      "lastModified": "2024-11-21T00:38:15.080",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-12-18T01:46:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Dec/0196.html\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/26711\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019059\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38853\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/4692\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2007/Dec/0196.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019059\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4692\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5583\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2007-12-18T01:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\\\"486 Busy\\\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.\"},{\"lang\":\"es\",\"value\":\"Cisco IP Phone 7940 con firmware P0S3-08-7-00 permite a atacantes remotos provocar denegaci\u00f3n de servicio (respuesta \\\"486 busy\\\" o reinicio del dispositivo) a trav\u00e9s de una secuencia de transacciones SIP INVITE en los cuales la  respuesta-URI carece de un nombre de usuario, una vulnerabilidad diferente que CVE-2007-4459.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_7940:*:firmware_p0s3-08-7-00:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AC8379-88A8-455E-AE16-41FF4C42C4A9\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Dec/0196.html\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/26711\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019059\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38853\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://www.exploit-db.com/exploits/4692\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2007/Dec/0196.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-5583

Vulnerability from fkie_nvd - Published: 2007-12-18 01:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html	Exploit
psirt@cisco.com	http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html
psirt@cisco.com	http://seclists.org/fulldisclosure/2007/Dec/0196.html
psirt@cisco.com	http://www.securityfocus.com/bid/26711	Exploit
psirt@cisco.com	http://www.securitytracker.com/id?1019059
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38853
psirt@cisco.com	https://www.exploit-db.com/exploits/4692
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2007/Dec/0196.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26711	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019059
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38853
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4692

Impacted products

	Vendor	Product	Version
	cisco	ip_phone_7940	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7940:*:firmware_p0s3-08-7-00:*:*:*:*:*:*",
              "matchCriteriaId": "59AC8379-88A8-455E-AE16-41FF4C42C4A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459."
    },
    {
      "lang": "es",
      "value": "Cisco IP Phone 7940 con firmware P0S3-08-7-00 permite a atacantes remotos provocar denegaci\u00f3n de servicio (respuesta \"486 busy\" o reinicio del dispositivo) a trav\u00e9s de una secuencia de transacciones SIP INVITE en los cuales la  respuesta-URI carece de un nombre de usuario, una vulnerabilidad diferente que CVE-2007-4459."
    }
  ],
  "id": "CVE-2007-5583",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-18T01:46:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26711"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1019059"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://www.exploit-db.com/exploits/4692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4692"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-5583

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5583

Aliases

CVE-2007-5583

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5583",
    "description": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.",
    "id": "GSD-2007-5583"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5583"
      ],
      "details": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.",
      "id": "GSD-2007-5583",
      "modified": "2023-12-13T01:21:40.950356Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2007-5583",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26711",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26711"
          },
          {
            "name": "20071208 Cisco Phone 7940 remote DOS",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
          },
          {
            "name": "20071205 Cisco Phone 7940 remote DOS",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
          },
          {
            "name": "4692",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4692"
          },
          {
            "name": "20071208 Re: Cisco Phone 7940 remote DOS",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
          },
          {
            "name": "1019059",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019059"
          },
          {
            "name": "cisco-ipphone-invite-dos(38853)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7940:*:firmware_p0s3-08-7-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2007-5583"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071205 Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
            },
            {
              "name": "26711",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/26711"
            },
            {
              "name": "20071208 Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
            },
            {
              "name": "20071208 Re: Cisco Phone 7940 remote DOS",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
            },
            {
              "name": "1019059",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019059"
            },
            {
              "name": "cisco-ipphone-invite-dos(38853)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
            },
            {
              "name": "4692",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4692"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:29Z",
      "publishedDate": "2007-12-18T01:46Z"
    }
  }
}

GHSA-MP26-CR2X-V76M

Vulnerability from github – Published: 2022-05-01 18:34 – Updated: 2022-05-01 18:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-18T01:46:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.",
  "id": "GHSA-mp26-cr2x-v76m",
  "modified": "2022-05-01T18:34:54Z",
  "published": "2022-05-01T18:34:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5583"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4692"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2007/Dec/0196.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26711"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019059"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200712-0412

Vulnerability from variot - Updated: 2023-12-18 13:10

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. Cisco 7940型IP电话是一种多功能通讯设备，通过IP网络传递语音信号. Cisco 7940在处理畸形INVITE消息时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了一系列SIP INVITE消息的话，就可能导致设备看起来在正常工作而实际上无法接收或发起呼叫，继续发送INVITE消息的话就会导致设备重启. 攻击者所发送的SIP INVITE消息中的Request-URI部分应不包含有用户名，如INVITE sip：XXX.XXX.XXX.XXX SIP/2.0。需要发送6次才能导致设备拒绝服务，如下所示： X ----------------------- INVITE (Call-ID ＃1) -----------------------＞ Cisco 7940 X ＜------------------ 100 Trying (Call-ID ＃1) --------------------- Cisco 7940 .... --------5 New Dialogs like the previous-------- .... X ----------------------- INVITE (Call-ID ＃7) -----------------------＞ Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃7) --------------------- Cisco 7940 -------- DoS for aproximatly 3 minutes ------ X ＜------------------ 486 Busy (Call-ID ＃1) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃2) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃3) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃4) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃5) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃6) --------------------- Cisco 7940. Cisco 7940 SIP phones are prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device to fail to respond to further call requests and to potentially crash, denying service to legitimate users. This issue affects version P0S3-08-7-00 of Cisco 7940 SIP phones; other versions may also be affected. Cisco 7940 has a loophole when processing malformed INVITE messages. Remote attackers may use this loophole to make the device unavailable. The Request-URI part of the SIP INVITE message sent by the attacker should not contain the user name, such as INVITE sip:XXX.XXX.XXX.XXX SIP/2.0. It needs to be sent 6 times to cause the device to deny service, as follows: X ----------------------- INVITE (Call-ID #1) ---- -------------------> Cisco 7940 X <------------------ 100 Trying (Call-ID #1 ) --------------------- Cisco 7940 ...

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0412",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ip phone 7940",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "ip phone 7940",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "firmware p0 s3-08-7-00"
      },
      {
        "model": "ip phone 7940",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "firmware_p0s3-08-7-00"
      },
      {
        "model": "ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7940"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7940:*:firmware_p0s3-08-7-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Radu State state@loria.fr",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5583",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-5583",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-28945",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5583",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200712-207",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28945",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (\"486 Busy\" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. Cisco 7940\u578bIP\u7535\u8bdd\u662f\u4e00\u79cd\u591a\u529f\u80fd\u901a\u8baf\u8bbe\u5907\uff0c\u901a\u8fc7IP\u7f51\u7edc\u4f20\u9012\u8bed\u97f3\u4fe1\u53f7. \nCisco 7940\u5728\u5904\u7406\u7578\u5f62INVITE\u6d88\u606f\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u4e0d\u53ef\u7528. \n\u5982\u679c\u5411Cisco 7940 IP\u7535\u8bdd\u53d1\u9001\u4e86\u4e00\u7cfb\u5217SIP INVITE\u6d88\u606f\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u8bbe\u5907\u770b\u8d77\u6765\u5728\u6b63\u5e38\u5de5\u4f5c\u800c\u5b9e\u9645\u4e0a\u65e0\u6cd5\u63a5\u6536\u6216\u53d1\u8d77\u547c\u53eb\uff0c\u7ee7\u7eed\u53d1\u9001INVITE\u6d88\u606f\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f. \n\u653b\u51fb\u8005\u6240\u53d1\u9001\u7684SIP INVITE\u6d88\u606f\u4e2d\u7684Request-URI\u90e8\u5206\u5e94\u4e0d\u5305\u542b\u6709\u7528\u6237\u540d\uff0c\u5982INVITE sip\uff1aXXX.XXX.XXX.XXX SIP/2.0\u3002\u9700\u8981\u53d1\u90016\u6b21\u624d\u80fd\u5bfc\u81f4\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\uff0c\u5982\u4e0b\u6240\u793a\uff1a\nX ----------------------- INVITE (Call-ID \uff031) -----------------------\uff1e Cisco 7940\nX \uff1c------------------ 100 Trying (Call-ID \uff031) --------------------- Cisco 7940\n.... \n--------5 New Dialogs like the previous--------\n.... \nX ----------------------- INVITE (Call-ID \uff037) -----------------------\uff1e Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff037) --------------------- Cisco 7940\n-------- DoS for aproximatly 3 minutes ------\nX \uff1c------------------ 486 Busy (Call-ID \uff031) --------------------- Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff032) --------------------- Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff033) --------------------- Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff034) --------------------- Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff035) --------------------- Cisco 7940\nX \uff1c------------------ 486 Busy (Call-ID \uff036) --------------------- Cisco 7940. Cisco 7940 SIP phones are prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. \nExploiting this issue allows remote attackers to cause the device to fail to respond to further call requests and to potentially crash, denying service to legitimate users. \nThis issue affects version P0S3-08-7-00 of Cisco 7940 SIP phones; other versions may also be affected. Cisco 7940 has a loophole when processing malformed INVITE messages. Remote attackers may use this loophole to make the device unavailable. The Request-URI part of the SIP INVITE message sent by the attacker should not contain the user name, such as INVITE sip:XXX.XXX.XXX.XXX SIP/2.0. It needs to be sent 6 times to cause the device to deny service, as follows: X ----------------------- INVITE (Call-ID #1) ---- -------------------\u003e Cisco 7940 X \u003c------------------ 100 Trying (Call-ID #1 ) --------------------- Cisco 7940 ...",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      },
      {
        "db": "BID",
        "id": "26711"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-28945",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5583",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26711",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4692",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1019059",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810",
        "trust": 0.8
      },
      {
        "db": "FULLDISC",
        "id": "20071208 RE: CISCO PHONE 7940 REMOTE DOS",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20071208 CISCO PHONE 7940 REMOTE DOS",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20071205 CISCO PHONE 7940 REMOTE DOS",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "11234",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "4692",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "38853",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28945",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "db": "BID",
        "id": "26711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "id": "VAR-200712-0412",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      }
    ],
    "trust": 0.47675563
  },
  "last_update_date": "2023-12-18T13:10:19.856000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/058837.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26711"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/058932.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2007/dec/0196.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019059"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/4692"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38853"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5583"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5583"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/38853"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/4692"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11234"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/hw/phones/ps379/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://lists.virus.org/full-disclosure-0712/msg00195.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "db": "BID",
        "id": "26711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "db": "BID",
        "id": "26711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "date": "2007-12-05T00:00:00",
        "db": "BID",
        "id": "26711"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "date": "2007-12-18T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "date": "2007-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28945"
      },
      {
        "date": "2007-12-11T03:52:00",
        "db": "BID",
        "id": "26711"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      },
      {
        "date": "2017-09-29T01:29:38.783000",
        "db": "NVD",
        "id": "CVE-2007-5583"
      },
      {
        "date": "2007-12-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IP Phone 7940 Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-207"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5583 (GCVE-0-2007-5583)

FKIE_CVE-2007-5583

GSD-2007-5583

GHSA-MP26-CR2X-V76M

VAR-200712-0412

Tags

Sightings

Nomenclature