SIP DDOS risks
Vulnerability details
The SNS is vulnerable to a crash when Nating a specially crafted SIP packet
Impacted products
Revisions
Version |
Date |
Description |
v1 |
02/21/2023 |
Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 8.1
|
Analysis
|
Impacted version
|
The SNS is vulnerable to a crash when Nating a specially crafted SIP packet
|
- 4.3.15
- SNS 4.6.0 to 4.6.2
|
Workaround solution
|
Solution
|
Deactivate the intrusion prevention (IPS) for the protocol SIP.
|
The following versions fix this vulnerability:
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |