Vulnerability Description
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.2\(1\)xa |
| Cisco | Ip Phone 7940 | All versions |
| Cisco | Ip Phone 7960 | All versions |
| Cisco | Pix Firewall Software | 5.2\(1\) |
References
- http://www.cert.org/advisories/CA-2003-06.htmlThird Party AdvisoryUS Government Resource
- http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtmlPatch
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/Exploit
- http://www.kb.cert.org/vuls/id/528719Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/6904Patch
- http://www.securitytracker.com/id?1006143
- http://www.securitytracker.com/id?1006144
- http://www.securitytracker.com/id?1006145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
- http://www.cert.org/advisories/CA-2003-06.htmlThird Party AdvisoryUS Government Resource
- http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtmlPatch
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/Exploit
- http://www.kb.cert.org/vuls/id/528719Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/6904Patch
- http://www.securitytracker.com/id?1006143
FAQ
What is CVE-2003-1109?
CVE-2003-1109 is a vulnerability with a CVSS score of 7.5 (HIGH). The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote att...
How severe is CVE-2003-1109?
CVE-2003-1109 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1109?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ip Phone 7940, Cisco Ip Phone 7960, Cisco Pix Firewall Software.