Summaryinfo

A vulnerability classified as problematic was found in Siemens Phone. The affected element is an unknown function of the component SMS. Executing a manipulation can lead to denial of service. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic was found in Siemens Phone (version unknown). This vulnerability affects an unknown function of the component SMS. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was presented 03/02/2003 by subj subj as not defined posting (Bugtraq). The advisory is shared for download at securityfocus.com. The attack can be initiated remotely. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499.

As 0-day the estimated underground price was around $5k-$25k.

Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at securityfocus.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 7004†). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Siemens

Name

• Phone

License

• commercial

Website

• Vendor: https://www.siemens.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion