Описание
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
Ссылки
- Mailing List
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing List
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cisco:ip_phone_7940_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7940:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:cisco:ip_phone_7960_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7960:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
EPSS
Процентиль: 58%
0.00363
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347