Details of VAR-200604-0339

ID

VAR-200604-0339

CVE

CVE-2006-1973

TITLE

Linksys RT31P2 VoIP router denial of service vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#621566

DESCRIPTION

Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. Linksys RT31P2 is a broadband router that supports VoIP phone functions. This issue allows remote attackers to crash affected devices, denying service to legitimate users. SOLUTION: The product has reportedly been discontinued. Filter traffic or use another product. PROVIDED AND/OR DISCOVERED BY: Peter Thermos and Guy Hadsall, Telcordia. ORIGINAL ADVISORY: US-CERT VU#621566: http://www.kb.cert.org/vuls/id/621566 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2006-1973 // CERT/CC: VU#621566 // CNVD: CNVD-2006-2459 // BID: 17631 // VULHUB: VHN-18081 // PACKETSTORM: 45619

AFFECTED PRODUCTS

vendor:	linksys	model:	rt31p2	scope:	eq	version:	*	Trust: 1.0
vendor:	linksys a division of cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	rt31p2	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	rt31p2 voip router	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#621566 // CNVD: CNVD-2006-2459 // BID: 17631 // CNNVD: CNNVD-200604-420 // NVD: CVE-2006-1973

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1973
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#621566
value:	1.35
Trust: 0.8
CNNVD:	CNNVD-200604-420
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-18081
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-1973
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-18081
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#621566 // VULHUB: VHN-18081 // CNNVD: CNNVD-200604-420 // NVD: CVE-2006-1973

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1973

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-420

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200604-420

EXTERNAL IDS

db:	CERT/CC	id:	VU#621566	Trust: 2.9
db:	NVD	id:	CVE-2006-1973	Trust: 2.3
db:	BID	id:	17631	Trust: 2.0
db:	SECUNIA	id:	19722	Trust: 1.9
db:	VUPEN	id:	ADV-2006-1443	Trust: 1.7
db:	OSVDB	id:	24810	Trust: 1.7
db:	CNNVD	id:	CNNVD-200604-420	Trust: 0.7
db:	CNVD	id:	CNVD-2006-2459	Trust: 0.6
db:	XF	id:	25915	Trust: 0.6
db:	XF	id:	31	Trust: 0.6
db:	VULHUB	id:	VHN-18081	Trust: 0.1
db:	PACKETSTORM	id:	45619	Trust: 0.1

sources: CERT/CC: VU#621566 // CNVD: CNVD-2006-2459 // VULHUB: VHN-18081 // BID: 17631 // PACKETSTORM: 45619 // CNNVD: CNNVD-200604-420 // NVD: CVE-2006-1973

REFERENCES

url:	http://www.kb.cert.org/vuls/id/621566	Trust: 2.1
url:	http://www.securityfocus.com/bid/17631	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/mimg-6gmmw4	Trust: 1.7
url:	http://www.osvdb.org/24810	Trust: 1.7
url:	http://secunia.com/advisories/19722	Trust: 1.7
url:	http://www1.linksys.com/products/product.asp?grid=34&prid=652	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/1443	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25915	Trust: 1.1
url:	http://www.ietf.org/html.charters/sip-charter.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/25915	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1443	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/9456/	Trust: 0.1
url:	http://secunia.com/advisories/19722/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#621566 // VULHUB: VHN-18081 // BID: 17631 // PACKETSTORM: 45619 // CNNVD: CNNVD-200604-420 // NVD: CVE-2006-1973

CREDITS

Peter Thermos Guy Hadsall

Trust: 0.6

sources: CNNVD: CNNVD-200604-420

SOURCES

db:	CERT/CC	id:	VU#621566
db:	CNVD	id:	CNVD-2006-2459
db:	VULHUB	id:	VHN-18081
db:	BID	id:	17631
db:	PACKETSTORM	id:	45619
db:	CNNVD	id:	CNNVD-200604-420
db:	NVD	id:	CVE-2006-1973

LAST UPDATE DATE

2024-08-14T14:59:13.925000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#621566	date:	2006-05-05T00:00:00
db:	CNVD	id:	CNVD-2006-2459	date:	2006-04-20T00:00:00
db:	VULHUB	id:	VHN-18081	date:	2017-07-20T00:00:00
db:	BID	id:	17631	date:	2006-04-20T21:51:00
db:	CNNVD	id:	CNNVD-200604-420	date:	2006-04-25T00:00:00
db:	NVD	id:	CVE-2006-1973	date:	2017-07-20T01:31:04.507

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#621566	date:	2006-04-19T00:00:00
db:	CNVD	id:	CNVD-2006-2459	date:	2006-04-20T00:00:00
db:	VULHUB	id:	VHN-18081	date:	2006-04-21T00:00:00
db:	BID	id:	17631	date:	2006-04-20T00:00:00
db:	PACKETSTORM	id:	45619	date:	2006-04-25T22:06:23
db:	CNNVD	id:	CNNVD-200604-420	date:	2006-04-21T00:00:00
db:	NVD	id:	CVE-2006-1973	date:	2006-04-21T10:02:00