CVE-2007-4553 - OpenCVE

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Thomson	St 2030 Sip Phone

Configuration 1 [-]

cpe:2.3:h:thomson:st_2030_sip_phone:1:1.52.1_firmware:*:*:*:*:*:*

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.html
http://secunia.com/advisories/26587
http://securityreason.com/securityalert/3075
http://www.securityfocus.com/bid/25446
http://www.securitytracker.com/id?1018603
http://www.vupen.com/english/advisories/2007/2988
https://exchange.xforce.ibmcloud.com/vulnerabilities/36217

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-28T00:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-08-27T00:00:00

Link: CVE-2007-4553

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-28T00:17:00.000

Modified: 2017-07-29T01:33:00.660

Link: CVE-2007-4553

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26587", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26587"}, {"name": "25446", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25446"}, {"name": "ADV-2007-2988", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2988"}, {"name": "20070823 DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.html"}, {"name": "thomson-sip-dos(36217)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36217"}, {"name": "3075", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3075"}, {"name": "1018603", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018603"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4553", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26587", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26587"}, {"name": "25446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25446"}, {"name": "ADV-2007-2988", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2988"}, {"name": "20070823 DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.html"}, {"name": "thomson-sip-dos(36217)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36217"}, {"name": "3075", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3075"}, {"name": "1018603", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018603"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4553", "datePublished": "2007-08-28T00:00:00", "dateReserved": "2007-08-27T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:thomson:st_2030_sip_phone:1:1.52.1_firmware:*:*:*:*:*:*", "matchCriteriaId": "55E242E7-F936-4A87-A555-141ECF9B028A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number."}, {"lang": "es", "value": "El tel\u00e9fono Thomson ST 2030 SIP con software 1.52.1 permite a atacantes remotos provocar denegaci\u00f3n de servicio (cuelgue de dispositivo) a trav\u00e9s de una mensaje INVITE con un cabecera Via que contiene una '/' (barra) en vez del espacio requerido despu\u00e9s del n\u00famero de versi\u00f3n SIP."}], "id": "CVE-2007-4553", "lastModified": "2017-07-29T01:33:00.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-28T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26587"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3075"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25446"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018603"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2988"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36217"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}