Sign-up

ID

VAR-200706-0412


CVE

CVE-2007-3351


TITLE

SJPhone SIP Phone Invite Transaction Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 24549 // CNNVD: CNNVD-200706-371

DESCRIPTION

The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets. The SJPhone SIP phone is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP messages. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. This transaction will cause the phone to send many RTP packets

Trust: 1.98

sources: NVD: CVE-2007-3351 // JVNDB: JVNDB-2007-005733 // BID: 24549 // VULHUB: VHN-26713

AFFECTED PRODUCTS

vendor:sjmodel:sjphonescope:eqversion:1.60.303c

Trust: 1.8

vendor:microsoftmodel:windows mobilescope:eqversion:2003

Trust: 0.6

vendor:sjphonemodel:sip soft phonescope:eqversion:0

Trust: 0.3

sources: BID: 24549 // JVNDB: JVNDB-2007-005733 // CNNVD: CNNVD-200706-371 // NVD: CVE-2007-3351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3351
value: HIGH

Trust: 1.0

NVD: CVE-2007-3351
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-371
value: HIGH

Trust: 0.6

VULHUB: VHN-26713
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3351
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26713
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26713 // JVNDB: JVNDB-2007-005733 // CNNVD: CNNVD-200706-371 // NVD: CVE-2007-3351

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-371

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200706-371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-005733

PATCH
title:Top Pageurl:http://www.sjphone.org/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-005733

EXTERNAL IDS
db:NVDid:CVE-2007-3351
Trust: 2.8
db:BIDid:24549
Trust: 2.0
db:JVNDBid:JVNDB-2007-005733
Trust: 0.8
db:CNNVDid:CNNVD-200706-371
Trust: 0.7
db:VULHUBid:VHN-26713
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26713 // 
            
            
            
            BID: 24549 // 
            
            
            
            JVNDB: JVNDB-2007-005733 // 
            
            
            
            CNNVD: CNNVD-200706-371 // 
            
            
            
            NVD: CVE-2007-3351

REFERENCES
url:http://www.securityfocus.com/bid/24549
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35078
Trust: 1.1
url:http://www.sipera.com/index.php?action=resources%2cthreat_advisory&tid=217&
Trust: 1.0
url:http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3351
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3351
Trust: 0.8
url:http://www.sjlabs.com/
Trust: 0.3
url:http://www.sipera.com/index.php?action=resources,threat_advisory&tid=217&
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26713 // 
            
            
            
            BID: 24549 // 
            
            
            
            JVNDB: JVNDB-2007-005733 // 
            
            
            
            CNNVD: CNNVD-200706-371 // 
            
            
            
            NVD: CVE-2007-3351

CREDITS
Sipera VIPER Lab is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 24549 // 
            
            
            
            CNNVD: CNNVD-200706-371

SOURCES
db:VULHUBid:VHN-26713
db:BIDid:24549
db:JVNDBid:JVNDB-2007-005733
db:CNNVDid:CNNVD-200706-371
db:NVDid:CVE-2007-3351

LAST UPDATE DATE
2024-08-14T13:59:53.862000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26713date:2017-07-29T00:00:00
db:BIDid:24549date:2015-05-07T17:37:00
db:JVNDBid:JVNDB-2007-005733date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200706-371date:2007-06-25T00:00:00
db:NVDid:CVE-2007-3351date:2023-11-07T02:00:48.157

SOURCES RELEASE DATE
db:VULHUBid:VHN-26713date:2007-06-22T00:00:00
db:BIDid:24549date:2007-06-19T00:00:00
db:JVNDBid:JVNDB-2007-005733date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200706-371date:2007-06-22T00:00:00
db:NVDid:CVE-2007-3351date:2007-06-22T18:30:00