VAR-200702-0384

Vulnerability from variot - Updated: 2025-04-10 23:14

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Exploitation of this vulnerability may result in a denial-of-service condition. According to Cisco Systems' information, it is not necessary for the specific affected version. SIP port (5060/TCP,UDP) Is reported to be open by default.Crafted by a third party SIP By processing the packet, SIP Service works Cisco IOS Device is out of service (DoS) It may be in a state. This issue affects only devices that support voice communications but don't have SIP enabled. Attackers can exploit this issue to reload a vulnerable device. IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well. In addition, some IOS versions that support SIP services may process SIP messages even if no SIP operations are configured. If you want to process SIP messages, IOS needs to open UDP port 5060 and TCP port 5060 for listening. Devices not listening on TCP 5060 or UDP 5060 are not affected by the vulnerability. Since SIP uses UDP for transport, it is possible to spoof the IP address of the sender, which can invalidate ACLs that allow traffic from trusted IP addresses to those ports

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200702-0384",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios 12.4",
        "scope": null,
        "trust": 2.1,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "cisco",
        "version": "12.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3yg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3yk"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3\\(14\\)t5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3\\(14\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3yt"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3\\(14\\)t4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3\\(14\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3ym"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3yq"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.3yu"
      },
      {
        "model": "ios 12.4 t",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)xa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(3\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(5\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(9\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xt"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)t1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4mr"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(3d\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)t3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)xb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(3\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(6\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(4\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(5b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.3yx"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(4\\)mr"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(7\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(1b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(8\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(7a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(4\\)t2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4sw"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(1c\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)mr"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)xb2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)t4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(6\\)t1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(1\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(3b\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(3a\\)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xd"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4xg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.4\\(2\\)mr1"
      },
      {
        "model": "ios 12.4 t2",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.3"
      },
      {
        "model": "ios 12.4 t1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 mr",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xt",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xj",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4xa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4sw",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4mr",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.4(8)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.4(7)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.4(5)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.4(3)"
      },
      {
        "model": "ios 12.4 xb2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 xb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 xa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 t4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 t3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.4 mr1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.4(1)"
      },
      {
        "model": "ios 12.3yx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yu",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yt",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yq",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3ym",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yk",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3yf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3xy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.3xx"
      },
      {
        "model": "ios 12.3xw",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3xu",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3xr",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3xq",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3xh",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3 t5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3 t4",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3 t2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.3 t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "BID",
        "id": "22330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0648",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-0648",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-24010",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0648",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#438176",
            "trust": 0.8,
            "value": "33.08"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0648",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-564",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24010",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Exploitation of this vulnerability may result in a denial-of-service condition. According to Cisco Systems\u0027 information, it is not necessary for the specific affected version. SIP port (5060/TCP,UDP) Is reported to be open by default.Crafted by a third party SIP By processing the packet, SIP Service works Cisco IOS Device is out of service (DoS) It may be in a state. \nThis issue affects only devices that support voice communications but don\u0027t have SIP enabled. \nAttackers can exploit this issue to reload a vulnerable device. \nIOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well. In addition, some IOS versions that support SIP services may process SIP messages even if no SIP operations are configured. If you want to process SIP messages, IOS needs to open UDP port 5060 and TCP port 5060 for listening. Devices not listening on TCP 5060 or UDP 5060 are not affected by the vulnerability. Since SIP uses UDP for transport, it is possible to spoof the IP address of the sender, which can invalidate ACLs that allow traffic from trusted IP addresses to those ports",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      },
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "BID",
        "id": "22330"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22330",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#438176",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "23978",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1017575",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0428",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20070131 SIP PACKET RELOADS IOS DEVICES NOT CONFIGURED FOR SIP",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "31990",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5138",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "db": "BID",
        "id": "22330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "id": "VAR-200702-0384",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:14:24.170000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "81816",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/US/products/products_security_response09186a00807d36f5.html"
      },
      {
        "title": "cisco-sa-20070131-sip",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/22330"
      },
      {
        "trust": 2.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/438176"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/23978"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017575"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0428"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5138"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0428"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31990"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a00807d36f5.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/23978/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/univercd/cc/td/doc/product/voice/sipsols/biggulp/bgsipov.htm"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc2543"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2007/jan/1017575.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0648"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2007/at070003.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23438176/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0648"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/31990"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5138"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/458661"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "db": "BID",
        "id": "22330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "db": "BID",
        "id": "22330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "date": "2007-02-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "date": "2007-01-31T00:00:00",
        "db": "BID",
        "id": "22330"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "date": "2007-01-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "date": "2007-02-01T01:28:00",
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#438176"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24010"
      },
      {
        "date": "2015-05-12T19:34:00",
        "db": "BID",
        "id": "22330"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000112"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-0648"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS fails to properly handle Session Initiated Protocol packets",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#438176"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-564"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…