Lucene search

[email protected]CVE-2006-0189

HistoryJan 13, 2006 - 11:03 a.m.

CVE-2006-0189

2006-01-1311:03:00

[email protected]

web.nvd.nist.gov

cve-2006-0189

buffer overflow

estara softphone

remote code execution

sip packet

udp port 5060

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.207 Low

EPSS

Percentile

96.4%

JSON

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka “a”) field in the SDP data of a SIP packet on UDP port 5060.

Affected configurations

NVD

Node

estarasoftphoneMatch3.0.1.14

estarasoftphoneMatch3.0.1.46

CPENameOperatorVersion
estara:softphoneestara softphoneeq3.0.1.14
estara:softphoneestara softphoneeq3.0.1.46

CPE	Name	Operator	Version
estara:softphone	estara softphone	eq	3.0.1.14
estara:softphone	estara softphone	eq	3.0.1.46

References

secunia.com/advisories/18410

securitytracker.com/id?1015481

www.osvdb.org/22348

www.securityfocus.com/archive/1/421596/100/0/threaded

www.securityfocus.com/bid/16213

www.vupen.com/english/advisories/2006/0167

exchange.xforce.ibmcloud.com/vulnerabilities/24090

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.207 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2006-0189

nessus1 prion1 cvelist1 nvd1