PT-2007-5674 · Grandstream · Grandstream Sip Phone Gxv-3000

Published

2007-08-23

Updated

2017-07-29

CVE-2007-4498

CVSS v2.0

7.8

High

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions Grandstream SIP Phone GXV-3000 version 1.0.1.7

Description The issue allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.

Recommendations For Grandstream SIP Phone GXV-3000 version 1.0.1.7, consider restricting or disabling the handling of SIP INVITE messages and "SIP/2.0 183 Session Progress" messages until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4498

Affected Products

Grandstream Sip Phone Gxv-3000

PT-2007-5674 · Grandstream · Grandstream Sip Phone Gxv-3000

CVE-2007-4498

Related Identifiers

Affected Products

References · 11