CVE-2007-4459
Last modified
CVE-2007-4459 is a vulnerability of currently unknown severity. Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.. EPSS estimates a 13.99% chance of exploitation in the next 30 days.
Description
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Voip Phone Cp-7940 | <= 8.70 | P0s3-08-6-00 Firmware |
| Cisco | Voip Phone Cp-7940 | 3.0 | P0s3-08-6-00 Firmware |
| Cisco | Voip Phone Cp-7940 | 3.1 | P0s3-08-6-00 Firmware |
| Cisco | Voip Phone Cp-7940 | 3.2 | P0s3-08-6-00 Firmware |
| Cisco | Voip Phone Cp-7940 | 8.6 | P0s3-08-6-00 Firmware |
| Cisco | Voip Phone Cp-7960 | <= 8.70 | P0s3-08-6-00 Firmware |
References
- http://secunia.com/advisories/26547Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2928Vendor Advisory
- http://secunia.com/advisories/26547Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2928Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4459?
How severe is CVE-2007-4459?
How do I fix CVE-2007-4459?
Are you affected by CVE-2007-4459?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST