CVE-2003-1109

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/	Exploit
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml	Patch
http://www.cert.org/advisories/CA-2003-06.html	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/528719	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/6904	Patch
http://www.securitytracker.com/id?1006143
http://www.securitytracker.com/id?1006144
http://www.securitytracker.com/id?1006145
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios:12.2\(1\)xd:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xd1:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xq:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xs:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xs1:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xb3:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xb4:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xi1:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xi2:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xu:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xu2:::::::*
	cpe:2.3:o:cisco:ios:12.2xe:::::::*
	cpe:2.3:o:cisco:ios:12.2xg:::::::*
	cpe:2.3:o:cisco:ios:12.2xl:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xa:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xh3:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xe2:::::::*
	cpe:2.3:o:cisco:ios:12.2xn:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xi:::::::*
	cpe:2.3:o:cisco:ios:12.2xm:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xa5:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xh:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xt:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xt3:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xn:::::::*
	cpe:2.3:o:cisco:ios:12.2xd:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xa:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xe3:::::::*
	cpe:2.3:o:cisco:ios:12.2xf:::::::*
	cpe:2.3:o:cisco:ios:12.2xq:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xe:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xb:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xa1:::::::*
	cpe:2.3:o:cisco:ios:12.2xr:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xd3:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xk:::::::*
	cpe:2.3:o:cisco:ios:12.2xj:::::::*
	cpe:2.3:o:cisco:ios:12.2xh:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xj1:::::::*
	cpe:2.3:o:cisco:ios:12.2xb:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)t4:::::::*
	cpe:2.3:o:cisco:ios:12.2xw:::::::*
	cpe:2.3:o:cisco:ios:12.2t:::::::*
	cpe:2.3:o:cisco:ios:12.2\(1\)xd4:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xh2:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xh:::::::*
	cpe:2.3:o:cisco:ios:12.2xk:::::::*
	cpe:2.3:o:cisco:ios:12.2xc:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xj:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xk2:::::::*
	cpe:2.3:o:cisco:ios:12.2\(11\)t:::::::*
	cpe:2.3:o:cisco:ios:12.2xs:::::::*
	cpe:2.3:o:cisco:ios:12.2xi:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xf:::::::*
	cpe:2.3:o:cisco:ios:12.2xa:::::::*
	cpe:2.3:o:cisco:ios:12.2\(2\)xg:::::::*
	cpe:2.3:o:cisco:ios:12.2xt:::::::*

OR	cpe:2.3:o:cisco:pix_firewall_software:5.2\(1\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.2\(2\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.3\(1.200\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.3\(2\):::::::*
	cpe:2.3:h:cisco:ip_phone_7940::::::::
	cpe:2.3:h:cisco:ip_phone_7960::::::::
	cpe:2.3:o:cisco:pix_firewall_software:5.3:::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.3\(1\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:6.1\(2\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:6.2\(1\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.2\(6\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:6.0\(1\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:6.0\(2\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.3\(3\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:6.0:::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.2\(3.210\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.2\(5\):::::::*
	cpe:2.3:o:cisco:pix_firewall_software:5.2\(7\):::::::*

Information

Published : 2003-12-30 21:00

Updated : 2018-10-30 09:26

NVD link : CVE-2003-1109

Mitre link : CVE-2003-1109

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

pix_firewall_software
ip_phone_7940
ip_phone_7960
ios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml", "name": "20030221 Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite", "tags": ["Patch"], "refsource": "CISCO"}, {"url": "http://www.cert.org/advisories/CA-2003-06.html", "name": "CA-2003-06", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.kb.cert.org/vuls/id/528719", "name": "VU#528719", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/6904", "name": "6904", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1006143", "name": "1006143", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1006144", "name": "1006144", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1006145", "name": "1006145", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name": "sip-invite(11379)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1109", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xa:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xh:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)t4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(11\\)t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xf:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(2\\)xg:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:26Z"}

7.5 /10