| VID |
29086 |
| Severity |
30 |
| Port |
80 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
3Com NBX VoIP NetSet is running on the remote host.
The 3Com NBX running firmware version 4.2.7 uses VxWorks Embedded Real time Operating system and the embedded web server, Virata-EmWeb/R6_0_3. This web server is vulnerable to a denial of service attack, caused by insufficient user input checking. By simply running a port scanning/vulnerability scanning engine against the device using a tool, such as Nessus in safeChecks mode, it could effectively cause the NBX NetSet Web server to crash. A hard reboot is required to restore normal functionality.
* Note: This check doesn't perform an actually test to assess this vulnerability but solely relied on the presence of NBX NetSet web server, so this might be a false positive.
* References:
http://www.secnap.com/security/20040420.html
* Platforms Affected:
3Com Corporation: 3Com NBX 100 Communications System 4.2.7
3Com Corporation: 3Com SuperStack 3 NBX 4.2.7 |
| Recommendation |
No upgrade or patch for this vulnerability as of June 2014. Please contact vendor for new firmware that they fix it. |
| Related URL |
(CVE) |
| Related URL |
10240 (SecurityFocus) |
| Related URL |
16015 (ISS) |
|
