Vulnerability Description
Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polycom | Soundpoint Ip 650 | bootrom_3.0.0 |
References
- http://osvdb.org/37611
- http://www.polycom.com/common/documents/support/downloads/voice/soundpoint_ip_so
- http://www.securityfocus.com/bid/24547
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=273&
- http://osvdb.org/37611
- http://www.polycom.com/common/documents/support/downloads/voice/soundpoint_ip_so
- http://www.securityfocus.com/bid/24547
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=273&
FAQ
What is CVE-2007-3368?
CVE-2007-3368 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
How severe is CVE-2007-3368?
CVE-2007-3368 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3368?
Check the references section above for vendor advisories and patch information. Affected products include: Polycom Soundpoint Ip 650.