Denial of Service Vulnerability in 3Com Superstack 3 NBX IP Phones

vendor:

Superstack 3 NBX IP Phones

by:

SecurityFocus

6.4

CVSS

MEDIUM

Denial of Service

N/A

CWE

Product Name: Superstack 3 NBX IP Phones

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Denial of Service Vulnerability in 3Com Superstack 3 NBX IP Phones

It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL paramater of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond. It should be noted that this issue may be similar to the vulnerability described in BID 679. Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.

Mitigation:

N/A

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6297/info

It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL paramater of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond.

It should be noted that this issue may be similar to the vulnerability described in BID 679.

Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.

CEL aaaa[...]aaaa where string is 2048 bytes long