4 results (0.006 seconds)

CVSS: 7.1EPSS: 80%CPEs: 6EXPL: 3

Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. Cisco IP Phone 7940 y 7960 con versión de firmware P0S3-08-6-00, y otro SIP versiones de firmware anteriores a 8.7(0), permite a atacantes remotos causar una denegación de servicio (reinicio del dispositivo) por medio de (1) una cierta secuencia de 10 mensajes SIP INVITE y OPTIONS no válidos; o (2) un determinado mensaje SIP INVITE no válido que contiene una etiqueta remota, seguido por un cierto ajuste de dos mensajes SIP OPTIONS relacionados. • https://www.exploit-db.com/exploits/4298 https://www.exploit-db.com/exploits/4297 http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html http://secunia.com/advisories/26547 http://securityreason.com/securityalert/3042 http://securitytracker.com/id?1018591 http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml http://www.osvdb.org/36695 http://www.securityfocus.com/bid/ • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 1%CPEs: 6EXPL: 0

The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. • http://online.securityfocus.com/archive/1/273673 http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml http://www.iss.net/security_center/static/9142.php http://www.iss.net/security_center/static/9143.php http://www.securityfocus.com/bid/4794 http://www.securityfocus.com/bid/4798 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." • http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. • http://online.securityfocus.com/archive/1/273673 http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml http://www.iss.net/security_center/static/9144.php http://www.securityfocus.com/bid/4799 •