Lucene search

CiscoCVE-2008-0531

HistoryFeb 15, 2008 - 2:00 a.m.

CVE-2008-0531

2008-02-1502:00:00

CWE-119

cisco

web.nvd.nist.gov

cisco

unified ip phone

sip

buffer overflow

cve-2008-0531

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.005

Percentile

77.4%

JSON

Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.

Affected configurations

Nvd

Node

ciscounified_ip_phoneMatch7906g

ciscounified_ip_phoneMatch7911g

ciscounified_ip_phoneMatch7935

ciscounified_ip_phoneMatch7936

ciscounified_ip_phoneMatch7940

ciscounified_ip_phoneMatch7940g

ciscounified_ip_phoneMatch7941g

ciscounified_ip_phoneMatch7960

ciscounified_ip_phoneMatch7960g

ciscounified_ip_phoneMatch7961g

ciscounified_ip_phoneMatch7970g

ciscounified_ip_phoneMatch7971g

AND

ciscoskinny_client_control_protocol_\(sccp\)_firmware

Node

ciscounified_ip_phoneMatch7940

ciscounified_ip_phoneMatch7940g

ciscounified_ip_phoneMatch7960

ciscounified_ip_phoneMatch7960g

AND

ciscosession_initiation_protocol_\(sip\)_firmware

VendorProductVersionCPE
ciscounified_ip_phone7906gcpe:2.3:h:cisco:unified_ip_phone:7906g:*:*:*:*:*:*:*
ciscounified_ip_phone7911gcpe:2.3:h:cisco:unified_ip_phone:7911g:*:*:*:*:*:*:*
ciscounified_ip_phone7935cpe:2.3:h:cisco:unified_ip_phone:7935:*:*:*:*:*:*:*
ciscounified_ip_phone7936cpe:2.3:h:cisco:unified_ip_phone:7936:*:*:*:*:*:*:*
ciscounified_ip_phone7940cpe:2.3:h:cisco:unified_ip_phone:7940:*:*:*:*:*:*:*
ciscounified_ip_phone7940gcpe:2.3:h:cisco:unified_ip_phone:7940g:*:*:*:*:*:*:*
ciscounified_ip_phone7941gcpe:2.3:h:cisco:unified_ip_phone:7941g:*:*:*:*:*:*:*
ciscounified_ip_phone7960cpe:2.3:h:cisco:unified_ip_phone:7960:*:*:*:*:*:*:*
ciscounified_ip_phone7960gcpe:2.3:h:cisco:unified_ip_phone:7960g:*:*:*:*:*:*:*
ciscounified_ip_phone7961gcpe:2.3:h:cisco:unified_ip_phone:7961g:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_ip_phone	7906g	cpe:2.3:h:cisco:unified_ip_phone:7906g:::::::*
cisco	unified_ip_phone	7911g	cpe:2.3:h:cisco:unified_ip_phone:7911g:::::::*
cisco	unified_ip_phone	7935	cpe:2.3:h:cisco:unified_ip_phone:7935:::::::*
cisco	unified_ip_phone	7936	cpe:2.3:h:cisco:unified_ip_phone:7936:::::::*
cisco	unified_ip_phone	7940	cpe:2.3:h:cisco:unified_ip_phone:7940:::::::*
cisco	unified_ip_phone	7940g	cpe:2.3:h:cisco:unified_ip_phone:7940g:::::::*
cisco	unified_ip_phone	7941g	cpe:2.3:h:cisco:unified_ip_phone:7941g:::::::*
cisco	unified_ip_phone	7960	cpe:2.3:h:cisco:unified_ip_phone:7960:::::::*
cisco	unified_ip_phone	7960g	cpe:2.3:h:cisco:unified_ip_phone:7960g:::::::*
cisco	unified_ip_phone	7961g	cpe:2.3:h:cisco:unified_ip_phone:7961g:::::::*

Rows per page:

1-10 of 141

References

secunia.com/advisories/28935

www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml

www.securityfocus.com/bid/27774

www.securitytracker.com/id?1019411

www.vupen.com/english/advisories/2008/0543

exchange.xforce.ibmcloud.com/vulnerabilities/40498

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.005

Percentile

77.4%

JSON

Related for CVE-2008-0531