Lucene search

[email protected]CVE-2007-4498

HistoryAug 23, 2007 - 7:17 p.m.

CVE-2007-4498

2007-08-2319:17:00

[email protected]

web.nvd.nist.gov

grandstream

sip phone

gxv-3000

firmware

vulnerability

eavesdropping

denial of service

sip invie

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.776 High

EPSS

Percentile

98.2%

JSON

The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone’s local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain “SIP/2.0 183 Session Progress” message.

Affected configurations

NVD

Node

grandstreamsip_phoneMatchgxv-30001.0.0.18_boot

grandstreamsip_phoneMatchgxv-30001.0.0.6_loader

grandstreamsip_phoneMatchgxv-30001.0.1.7_firmware

CPENameOperatorVersion
grandstream:sip_phonegrandstream sip phoneeqgxv-3000

CPE	Name	Operator	Version
grandstream:sip_phone	grandstream sip phone	eq	gxv-3000

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html

osvdb.org/40185

secunia.com/advisories/26568

securityreason.com/securityalert/3059

www.securityfocus.com/bid/25399

www.securitytracker.com/id?1018598

www.vupen.com/english/advisories/2007/2970

exchange.xforce.ibmcloud.com/vulnerabilities/36170

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.776 High

EPSS

Percentile

98.2%

JSON

Related for CVE-2007-4498

prion1 cvelist1 nvd1