Lucene search

MitreCVE-2006-0189

HistoryJan 13, 2006 - 11:03 a.m.

CVE-2006-0189

2006-01-1311:03:00

mitre

web.nvd.nist.gov

cve-2006-0189

buffer overflow

estara softphone

remote code execution

sip packet

udp port 5060

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.207

Percentile

96.4%

JSON

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka “a”) field in the SDP data of a SIP packet on UDP port 5060.

Affected configurations

Nvd

Node

estarasoftphoneMatch3.0.1.14

estarasoftphoneMatch3.0.1.46

VendorProductVersionCPE
estarasoftphone3.0.1.14cpe:2.3:a:estara:softphone:3.0.1.14:*:*:*:*:*:*:*
estarasoftphone3.0.1.46cpe:2.3:a:estara:softphone:3.0.1.46:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
estara	softphone	3.0.1.14	cpe:2.3:a:estara:softphone:3.0.1.14:::::::*
estara	softphone	3.0.1.46	cpe:2.3:a:estara:softphone:3.0.1.46:::::::*

References

secunia.com/advisories/18410

securitytracker.com/id?1015481

www.osvdb.org/22348

www.securityfocus.com/archive/1/421596/100/0/threaded

www.securityfocus.com/bid/16213

www.vupen.com/english/advisories/2006/0167

exchange.xforce.ibmcloud.com/vulnerabilities/24090

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.207

Percentile

96.4%

JSON

Related for CVE-2006-0189