CVE-2007-4291
published 2007-08-09
high 7.1 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios_and_cisco_unified_communications_manager | — | — |
Cisco
Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
vendor_cisco·2007-08-08·CVSS 10.0
CVE-2007-4291 [CRITICAL] CWE-399 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
- Session Initiation Protocol (SIP)
- Media Gateway Control Protocol (MGCP)
- Signaling protocols H.323, H.254
- Real-time Transport Protocol (RTP)
- Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
CWE: CWE-399, CWE-94
Bug IDs: CSCeb21064, CSCsb24007, CSCsc6024
GHSA
GHSA-359p-85h2-2793: Cisco IOS 12
ghsa_unreviewed·2022-05-01
CVE-2007-4291 [HIGH] GHSA-359p-85h2-2793: Cisco IOS 12
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://osvdb.org/36677
- http://osvdb.org/36678
- http://osvdb.org/36679
- http://osvdb.org/36680
- http://osvdb.org/36681
- http://secunia.com/advisories/26363
- http://securitytracker.com/id?1018533
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml
- http://www.securityfocus.com/bid/25239
- http://www.vupen.com/english/advisories/2007/2816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35903
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35904
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35905
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5570
2007-08-09
Published