Описание
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:h:cisco:unified_ip_phone:7906g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7911g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7935:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7936:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7940:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7940g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7941g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7960:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7960g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7961g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7970g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7971g:*:*:*:*:*:*:*
cpe:2.3:a:cisco:skinny_client_control_protocol_\(sccp\)_firmware:*:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:h:cisco:unified_ip_phone:7940:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7940g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7960:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone:7960g:*:*:*:*:*:*:*
cpe:2.3:a:cisco:session_initiation_protocol_\(sip\)_firmware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01533
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
EPSS
Процентиль: 81%
0.01533
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-119