PT-2007-5724 · Thomson · Thomson St 2030 Sip Phone

Published

2007-08-28

Updated

2017-07-29

CVE-2007-4553

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Thomson ST 2030 SIP phone version 1.52.1

Description The issue allows remote attackers to cause a denial of service, resulting in the device hanging. This can be achieved by sending an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

Recommendations For version 1.52.1, consider restricting access to the INVITE message functionality until a patch is available. As a temporary workaround, avoid using the Via header with a '/' (slash) in the SIP version number to prevent the device from hanging.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4553

Affected Products

Thomson St 2030 Sip Phone

PT-2007-5724 · Thomson · Thomson St 2030 Sip Phone

CVE-2007-4553

Related Identifiers

Affected Products

References · 10