Vulnerabilities > CVE-2007-0648 - Unspecified vulnerability in Cisco IOS

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus

Summary

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20070131-SIPHTTP.NASL
    descriptionCisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP. There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability. Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.
    last seen2019-10-28
    modified2010-09-01
    plugin id48999
    published2010-09-01
    reporterThis script is (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48999
    titleSIP Packets Reload IOS Devices with support for SIP
  • NASL familyCISCO
    NASL idCSCSH58082.NASL
    descriptionThe remote version of IOS contains a flaw that could cause the remote router to crash when it receives a malicious SIP (Session Initiation Protocol) packet. An attacker might use these flaws to disable this device remotely.
    last seen2020-06-01
    modified2020-06-02
    plugin id24740
    published2007-03-01
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24740
    titleCisco IOS SIP Packet Handling Remote DoS (CSCsh58082)

Oval

accepted2010-06-14T04:00:02.671-04:00
classvulnerability
contributors
  • nameYuzheng Zhou
    organizationHewlett-Packard
  • nameKASHIF LATIF
    organizationDTCC
descriptionCisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
familyios
idoval:org.mitre.oval:def:5138
statusaccepted
submitted2008-05-26T11:06:36.000-04:00
titleCisco IOS Device SIP Support DoS Vulnerability
version6