Lucene search

PRIOn knowledge basePRION:CVE-2007-1590

HistoryMar 21, 2007 - 11:19 p.m.

Design/Logic Flaw

2007-03-2123:19:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.244 Low

EPSS

Percentile

96.5%

JSON

The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.

CPENameOperatorVersion
budgetone_200eq1.1.1.5
budgetone_200eq1.1.1.14

CPE	Name	Operator	Version
	budgetone_200	eq	1.1.1.5
	budgetone_200	eq	1.1.1.14

References

lists.grok.org.uk/pipermail/full-disclosure/2007-March/053099.html

osvdb.org/34347

secunia.com/advisories/24538

www.securityfocus.com/bid/23075

www.securitytracker.com/id?1017804

www.vupen.com/english/advisories/2007/1054

exchange.xforce.ibmcloud.com/vulnerabilities/33108

7.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.244 Low

EPSS

Percentile

96.5%

JSON

Related for PRION:CVE-2007-1590