Cisco IP Phone 7902 DNS Packet Compression containing denial of service
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.2 | $0-$5k | 0.00 |
A vulnerability was found in Cisco IP Phone 7902 (IP Phone Software). It has been declared as critical. Affected by this vulnerability is an unknown function of the file containing of the component DNS Packet Compression Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.
The bug was discovered 05/24/2005. The weakness was shared 05/24/2005 by Dr. Steve Beaty with Metropolitan State College of Denver (Website). It is possible to read the advisory at cisco.com. This vulnerability is known as CVE-2005-4794 since 05/02/2006. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.
We expect the 0-day to have been worth approximately $5k-$25k.
Upgrading to version 8.10.3 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at cisco.com. The best possible mitigation is suggested to be patching the affected component. Attack attempts may be identified with Snort ID 15991.
The vulnerability is also documented in the vulnerability database at X-Force (20712). The entries 1524, 1520, 1530 and 1533 are related to this item.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
ATT&CK: T1499
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Upgrade: IP Phone 8.10.3
Patch: cisco.com
Snort ID: 15991
Timeline
05/24/2005 🔍05/24/2005 🔍
05/24/2005 🔍
06/07/2005 🔍
12/31/2005 🔍
04/22/2006 🔍
05/02/2006 🔍
05/06/2006 🔍
07/03/2019 🔍
Sources
Vendor: cisco.comAdvisory: cisco.com
Researcher: Dr. Steve Beaty
Organization: Metropolitan State College of Denver
Status: Confirmed
CVE: CVE-2005-4794 (🔍)
X-Force: 20712 - Multiple vendor compressed DNS packet denial of service, Medium Risk
SecurityTracker: 1015975
SecurityFocus: 13729 - Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability
Secunia: 15472 - Cisco Various Products Compressed DNS Messages Denial of Service, Less Critical
OSVDB: 25291 - Multiple Vendor Crafted Compressed DNS Packet DoS
See also: 🔍
Entry
Created: 06/07/2005 12:31Updated: 07/03/2019 10:35
Changes: 06/07/2005 12:31 (73), 07/03/2019 10:35 (8)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.