CVE-2003-1109

Sažetak

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Reference

http://www.cert.org/advisories/CA-2003-06.html
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
http://www.kb.cert.org/vuls/id/528719
http://www.securityfocus.com/bid/6904
http://www.securitytracker.com/id?1006143
http://www.securitytracker.com/id?1006144
http://www.securitytracker.com/id?1006145
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

31-12-2003 - 05:00