CVE-2007-0648
published 2007-02-01CVE-2007-0648: Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers…
high7.8CVSS 3.1
AVNACLAuNCNINAC
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
Cisco
SIP Packets Reload IOS Devices with support for SIP
vendor_cisco·2007-01-31·CVSS 3.3
CVE-2007-0648 [LOW] CWE-399 SIP Packets Reload IOS Devices with support for SIP
SIP Packets Reload IOS Devices with support for SIP
Cisco devices running an affected version of Internetwork Operating
System (IOS) which supports Session Initiation Protocol (SIP) are affected by a
vulnerability that may lead to a reload of the device when receiving a specific
series of packets destined to port 5060. This issue is compounded by a related
bug which allows traffic to TCP 5060 and UDP port 5060 on devices not
configured for SIP.
There are no known instances of intentional exploitation of this issue.
However, Cisco has observed data streams that appear to be unintentionally
triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices
which do not require SIP.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/con
Cisco
SIP Packets Reload IOS Devices with support for SIP
vendor_cisco
CVE-2007-0648 SIP Packets Reload IOS Devices with support for SIP
CVE-2007-0648: SIP Packets Reload IOS Devices with support for SIP
Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP. There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.
CWE: CWE-399, CWE-399
Bug IDs: CSCsb25337, CSCsh58082, CSCsh58082, CSCsb25337, CSCsh58082
GHSA
GHSA-2mfh-qqrx-9f28: Cisco IOS after 12
ghsa_unreviewed·2022-05-01
CVE-2007-0648 [HIGH] GHSA-2mfh-qqrx-9f28: Cisco IOS after 12
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/23978http://securitytracker.com/id?1017575http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtmlhttp://www.kb.cert.org/vuls/id/438176http://www.securityfocus.com/bid/22330http://www.vupen.com/english/advisories/2007/0428https://exchange.xforce.ibmcloud.com/vulnerabilities/31990https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5138http://secunia.com/advisories/23978http://securitytracker.com/id?1017575http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtmlhttp://www.kb.cert.org/vuls/id/438176http://www.securityfocus.com/bid/22330http://www.vupen.com/english/advisories/2007/0428https://exchange.xforce.ibmcloud.com/vulnerabilities/31990https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5138
2007-02-01
Published