CVE-2007-4459: Input Validation
First published: Tue Aug 21 2007(Updated: )
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco VoIP Phone CP-7940 | <=8.70 | |
| Cisco VoIP Phone CP-7940 | =3.0-p0s3-08-6-00_firmware | |
| Cisco VoIP Phone CP-7940 | =3.1-p0s3-08-6-00_firmware | |
| Cisco VoIP Phone CP-7940 | =3.2-p0s3-08-6-00_firmware | |
| Cisco VoIP Phone CP-7940 | =8.6-p0s3-08-6-00_firmware | |
| Cisco VoIP Phone CP-7960 | <=8.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065401.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065402.html
- http://www.securityfocus.com/bid/25378
- http://secunia.com/advisories/26547
- http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml
- http://www.osvdb.org/36695
- http://securitytracker.com/id?1018591
- http://securityreason.com/securityalert/3042
- http://www.vupen.com/english/advisories/2007/2928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36125
Frequently Asked Questions
What is the severity of CVE-2007-4459?
CVE-2007-4459 is classified as a medium severity vulnerability that can lead to denial of service via device reboot.
How do I fix CVE-2007-4459?
Updating the firmware to version 8.7(0) or later on affected Cisco IP Phone models will resolve CVE-2007-4459.
What devices are impacted by CVE-2007-4459?
CVE-2007-4459 affects Cisco IP Phone models 7940 and 7960 with firmware versions up to 8.6.
What type of attack does CVE-2007-4459 enable?
CVE-2007-4459 enables remote attackers to cause a denial of service through specific sequences of invalid SIP messages.
Is there a workaround for CVE-2007-4459?
There are no specific workarounds for CVE-2007-4459; the only definitive solution is to apply the firmware update.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco voip phone cp-7940
- version/cisco voip phone cp-7940/3.0-p0s3-08-6-00_firmware
- version/cisco voip phone cp-7940/3.1-p0s3-08-6-00_firmware
- version/cisco voip phone cp-7940/8.6-p0s3-08-6-00_firmware
- canonical/cisco voip phone cp-7960
- version/cisco voip phone cp-7960/8.70
- version/cisco voip phone cp-7940/3.2-p0s3-08-6-00_firmware
- version/cisco voip phone cp-7940/8.70