CVE-2007-4293 - Vulnerability Details - OpenCVE

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios:12.0:::::::*
	cpe:2.3:o:cisco:ios:12.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*

No data.

References

Link	Providers
http://osvdb.org/36668
http://osvdb.org/36669
http://secunia.com/advisories/26363
http://securitytracker.com/id?1018533
http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml
http://www.securityfocus.com/bid/25239
http://www.vupen.com/english/advisories/2007/2816
https://exchange.xforce.ibmcloud.com/vulnerabilities/35907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-09T21:00:00

Updated: 2024-08-07T14:53:54.250Z

Reserved: 2007-08-09T00:00:00

Link: CVE-2007-4293

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-09T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4293

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) \"abnormal\" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36668", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36668"}, {"name": "ADV-2007-2816", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2816"}, {"name": "1018533", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018533"}, {"name": "25239", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25239"}, {"name": "26363", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26363"}, {"name": "oval:org.mitre.oval:def:5801", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801"}, {"name": "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml"}, {"name": "36669", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36669"}, {"name": "cisco-ios-facsimile-dos(35907)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) \"abnormal\" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36668", "refsource": "OSVDB", "url": "http://osvdb.org/36668"}, {"name": "ADV-2007-2816", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2816"}, {"name": "1018533", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018533"}, {"name": "25239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25239"}, {"name": "26363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26363"}, {"name": "oval:org.mitre.oval:def:5801", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801"}, {"name": "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml"}, {"name": "36669", "refsource": "OSVDB", "url": "http://osvdb.org/36669"}, {"name": "cisco-ios-facsimile-dos(35907)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:54.250Z"}, "title": "CVE Program Container", "references": [{"name": "36668", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36668"}, {"name": "ADV-2007-2816", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2816"}, {"name": "1018533", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018533"}, {"name": "25239", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25239"}, {"name": "26363", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26363"}, {"name": "oval:org.mitre.oval:def:5801", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801"}, {"name": "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml"}, {"name": "36669", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36669"}, {"name": "cisco-ios-facsimile-dos(35907)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35907"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4293", "datePublished": "2007-08-09T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2024-08-07T14:53:54.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F86F790-6247-42F2-9487-3D60A2842F52", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0668C45B-9D25-424B-B876-C1721BFFE5DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) \"abnormal\" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505."}, {"lang": "es", "value": "Cisco IOS 12.0 hasta la 12.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del dispositivo) a trav\u00e9s de (1) mensajes MGCP \"an\u00f3malos\", tambi\u00e9n conocido como CSCsd81407, y (2) un paquete facsimile grande, tambi\u00e9n conocido como CSCej20505."}], "id": "CVE-2007-4293", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-09T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36668"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36669"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26363"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018533"}, {"source": "cve@mitre.org", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25239"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2816"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35907"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2816"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5801"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}