Vulnerabilities > CVE-2002-0882 - Denial Of Service vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 | |
| OS | 3 |
Nessus
| NASL family | CISCO |
| NASL id | CISCO_VOIP_DOS.NASL |
| description | The remote host appears to be a Cisco IP phone. It was possible to reboot this device by requesting : http://<phone-ip>/StreamingStatistics?120000 This device likely has other vulnerabilities that Nessus has not checked for. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11013 |
| published | 2002-06-05 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11013 |
| title | Cisco VoIP Phone Multiple Script Malformed Request DoS |
References
- http://online.securityfocus.com/archive/1/273673
- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
- http://www.iss.net/security_center/static/9142.php
- http://www.iss.net/security_center/static/9143.php
- http://www.securityfocus.com/bid/4794
- http://www.securityfocus.com/bid/4798