CVE-2007-0648Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
3.3%
top 12.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios53 versions+52

Patches

Patch: www.cisco.comPatch: www.kb.cert.orgPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-2mfh-qqrx-9f28: Cisco IOS after 122022-05-01
CVEList
CVE-2007-0648: Cisco IOS after 122007-02-01

📋Vendor Advisories

1
Cisco
SIP Packets Reload IOS Devices with support for SIP2007-01-31
CVE-2007-0648 — Cisco IOS vulnerability | cvebase