CVE-2007-4459
CVE-2007-4459
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/4298unverifiedexploitdbwww.exploit-db.com/exploits/4297unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.htmlhttp://secunia.com/advisories/26547http://securityreason.com/securityalert/3042http://securitytracker.com/id?1018591https://exchange.xforce.ibmcloud.com/vulnerabilities/36125http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtmlhttp://www.osvdb.org/36695http://www.securityfocus.com/bid/25378http://www.vupen.com/english/advisories/2007/2928