Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2003-1109

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Published

2003-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios	12.2\(1\)xa	Yes
Operating System	cisco	ios	12.2\(1\)xd	Yes
Operating System	cisco	ios	12.2\(1\)xd1	Yes
Operating System	cisco	ios	12.2\(1\)xd3	Yes
Operating System	cisco	ios	12.2\(1\)xd4	Yes
Operating System	cisco	ios	12.2\(1\)xe	Yes
Operating System	cisco	ios	12.2\(1\)xe2	Yes
Operating System	cisco	ios	12.2\(1\)xe3	Yes
Operating System	cisco	ios	12.2\(1\)xh	Yes
Operating System	cisco	ios	12.2\(1\)xq	Yes
Operating System	cisco	ios	12.2\(1\)xs	Yes
Operating System	cisco	ios	12.2\(1\)xs1	Yes
Operating System	cisco	ios	12.2\(2\)t4	Yes
Operating System	cisco	ios	12.2\(2\)xa	Yes
Operating System	cisco	ios	12.2\(2\)xa1	Yes
Operating System	cisco	ios	12.2\(2\)xa5	Yes
Operating System	cisco	ios	12.2\(2\)xb	Yes
Operating System	cisco	ios	12.2\(2\)xb3	Yes
Operating System	cisco	ios	12.2\(2\)xb4	Yes
Operating System	cisco	ios	12.2\(2\)xf	Yes
Operating System	cisco	ios	12.2\(2\)xg	Yes
Operating System	cisco	ios	12.2\(2\)xh	Yes
Operating System	cisco	ios	12.2\(2\)xh2	Yes
Operating System	cisco	ios	12.2\(2\)xh3	Yes
Operating System	cisco	ios	12.2\(2\)xi	Yes
Operating System	cisco	ios	12.2\(2\)xi1	Yes
Operating System	cisco	ios	12.2\(2\)xi2	Yes
Operating System	cisco	ios	12.2\(2\)xj	Yes
Operating System	cisco	ios	12.2\(2\)xj1	Yes
Operating System	cisco	ios	12.2\(2\)xk	Yes
Operating System	cisco	ios	12.2\(2\)xk2	Yes
Operating System	cisco	ios	12.2\(2\)xn	Yes
Operating System	cisco	ios	12.2\(2\)xt	Yes
Operating System	cisco	ios	12.2\(2\)xt3	Yes
Operating System	cisco	ios	12.2\(2\)xu	Yes
Operating System	cisco	ios	12.2\(2\)xu2	Yes
Operating System	cisco	ios	12.2\(11\)t	Yes
Operating System	cisco	ios	12.2t	Yes
Operating System	cisco	ios	12.2xa	Yes
Operating System	cisco	ios	12.2xb	Yes
Operating System	cisco	ios	12.2xc	Yes
Operating System	cisco	ios	12.2xd	Yes
Operating System	cisco	ios	12.2xe	Yes
Operating System	cisco	ios	12.2xf	Yes
Operating System	cisco	ios	12.2xg	Yes
Operating System	cisco	ios	12.2xh	Yes
Operating System	cisco	ios	12.2xi	Yes
Operating System	cisco	ios	12.2xj	Yes
Operating System	cisco	ios	12.2xk	Yes
Operating System	cisco	ios	12.2xl	Yes
Operating System	cisco	ios	12.2xm	Yes
Operating System	cisco	ios	12.2xn	Yes
Operating System	cisco	ios	12.2xq	Yes
Operating System	cisco	ios	12.2xr	Yes
Operating System	cisco	ios	12.2xs	Yes
Operating System	cisco	ios	12.2xt	Yes
Operating System	cisco	ios	12.2xw	Yes
Hardware	cisco	ip_phone_7940	*	Yes
Hardware	cisco	ip_phone_7960	*	Yes
Operating System	cisco	pix_firewall_software	5.2\(1\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(2\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(3.210\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(5\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(6\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(7\)	Yes
Operating System	cisco	pix_firewall_software	5.3	Yes
Operating System	cisco	pix_firewall_software	5.3\(1\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(1.200\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(2\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.0	Yes
Operating System	cisco	pix_firewall_software	6.0\(1\)	Yes
Operating System	cisco	pix_firewall_software	6.0\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.1\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.2\(1\)	Yes

References

http://www.cert.org/advisories/CA-2003-06.html Third Party Advisory, US Government Resource ([email protected])
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml Patch ([email protected])
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/ Exploit ([email protected])
http://www.kb.cert.org/vuls/id/528719 Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/6904 Patch ([email protected])
http://www.securitytracker.com/id?1006143 ([email protected])
http://www.securitytracker.com/id?1006144 ([email protected])
http://www.securitytracker.com/id?1006145 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 ([email protected])
http://www.cert.org/advisories/CA-2003-06.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/ Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/528719 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6904 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1006143 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1006144 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1006145 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 (af854a3a-2127-422b-91ae-364da2661108)