Cisco IP Phone Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2007-5583)

Severity: High, Tenable OT Security Plugin ID 502741

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (486 Busy responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?1da9cd74

http://www.nessus.org/u?851ab460

http://seclists.org/fulldisclosure/2007/Dec/0196.html

http://www.securityfocus.com/bid/26711

http://www.securitytracker.com/id?1019059

https://exchange.xforce.ibmcloud.com/vulnerabilities/38853

https://www.exploit-db.com/exploits/4692

Plugin Details

Severity: High

ID: 502741

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2007-5583

Vulnerability Information

CPE: cpe:/h:cisco:ip_phone_7940::firmware_p0s3-08-7-00

Required KB Items: Tenable.ot/Cisco

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/18/2007

Vulnerability Publication Date: 12/18/2007

Reference Information

CVE: CVE-2007-5583

CWE: 119