Lucene search

[email protected]CVE-2007-4498

HistoryAug 23, 2007 - 7:17 p.m.

CVE-2007-4498

2007-08-2319:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

grandstream

sip phone

gxv-3000

firmware

vulnerability

eavesdropping

denial of service

sip invie

nvd

7.5 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

0.798 High

EPSS

Percentile

98.3%

JSON

The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone’s local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain “SIP/2.0 183 Session Progress” message.

CPENameOperatorVersion
grandstream:sip_phonegrandstream sip phoneeqgxv-3000

CPE	Name	Operator	Version
grandstream:sip_phone	grandstream sip phone	eq	gxv-3000

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html

osvdb.org/40185

secunia.com/advisories/26568

securityreason.com/securityalert/3059

www.securityfocus.com/bid/25399

www.securitytracker.com/id?1018598

www.vupen.com/english/advisories/2007/2970

exchange.xforce.ibmcloud.com/vulnerabilities/36170

7.5 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

0.798 High

EPSS

Percentile

98.3%

JSON

Related for CVE-2007-4498

prion1