This table summarizes VoIP vulnerabilities and complements Angelos Keromytis' article in the Feb 2010 issue of ;login:.

Not all table headings will be obvious, and we explain them here:

  1. VulnerabilityID: The CVE ID of the vulnerability, with a hyperlink to the actual CVE page describing the problem.
  2. Year: The year the vulnerability was first reported.
  3. ClientOrServer: Whether the vulnerability affects end-user equipment/software (C) or servers (S); in a few cases, both are affected.
  4. ICP: Vulnerabilities can be due to Implementation, Configuration, or Protocol problems.
  5. VoIPSA: Indicates which of the first four categories from the VoIPSA taxonomy a vulnerability falls into (possibly more than one). The four categories are:
    1. Social threats
    2. Traffic threats (e.g., eavesdropping)
    3. Denial of service
    4. Service abuse
  6. CIA: Confidentiality (secrecy), Integrity, and Availability of the device, server, or user data; a vulnerability may fall under more than one category. Parentheses are used to indicate suspected/hypothesized but not confirmed violations.

| VulnerabilityID | Year | ClientOrServer | ICP | VoIPSA | CIA | CrossProtocol | Notes |
|---|---|---|---|---|---|---|---|
| CVE-1999-0938 | 1999 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2001-0546 | 2001 | S | I | 3 | A | N | |
| CVE-2002-0835 | 2002 | S | I | 3 | A | Y | DHCP |
| CVE-2002-0880 | 2002 | C | I | 3 | A | N | |
| CVE-2002-0881 | 2002 | C | C | 1, 2, 3, 4 | I | N | default password |
| CVE-2002-0882 | 2002 | C | I | 1, 3 | I, A | Y | web server vulnerability |
| CVE-2002-1935 | 2002 | C | I | 4 | I | N | bad randomness |
| CVE-2002-2266 | 2002 | S | I | 3 | A | Y | H.323 firewall handling |
| CVE-2003-0761 | 2003 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2003-0819 | 2003 | S | I | 2, 3 | I | Y | H.323 firewall handling |
| CVE-2003-1108 | 2003 | S | I | 3 | A (I) | N | |
| CVE-2003-1109 | 2003 | C | I | 3 | A (I) | N | |
| CVE-2003-1110 | 2003 | C, S | I | 3 | A (I) | N | SIP implementation |
| CVE-2003-1111 | 2003 | S | I | 3 | A (I) | N | |
| CVE-2003-1112 | 2003 | S | I | 3 | A (I) | Y | firewall handling |
| CVE-2003-1113 | 2003 | S | I | 3 | A (I) | N | |
| CVE-2003-1114 | 2003 | C, S | I | 3 | A (I) | N | |
| CVE-2003-1115 | 2003 | S | I | 3 | A (I) | N | |
| CVE-2004-0054 | 2004 | C, S | I | 3 | A (I) | N | |
| CVE-2004-0056 | 2004 | S | I | 3 | A (I) | N | |
| CVE-2004-0117 | 2004 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2004-0498 | 2004 | S | I | 3 | A | Y | firewall handling |
| CVE-2004-0504 | 2004 | S | I | 3 | A | Y | ethereal crash |
| CVE-2004-1114 | 2004 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2004-1777 | 2004 | C | I | 3 | A | N | |
| CVE-2004-1977 | 2004 | S | I | 3 | A | N | |
| CVE-2004-2344 | 2004 | S | I | 3 | A | N | |
| CVE-2004-2629 | 2004 | C, S | I | 3 | A | N | |
| CVE-2004-2758 | 2004 | S | I | 3 | A | N | |
| CVE-2005-0745 | 2005 | C | I | 4 | I | N | |
| CVE-2005-1461 | 2005 | S | I | 3 | A (I) | Y | ethereal crash |
| CVE-2005-2081 | 2005 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2005-2181 | 2005 | C | I | 1 | I | N | |
| CVE-2005-2182 | 2005 | C | I | 1 | I | N | |
| CVE-2005-3265 | 2005 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2005-3267 | 2005 | C | I | 3 | A | N | |
| CVE-2005-3715 | 2005 | C | C | 1, 2, 3, 4 | I | N | net debugger w/o auth |
| CVE-2005-3716 | 2005 | C | C | 1 | C | Y | SNMP w/o auth |
| CVE-2005-3717 | 2005 | C | C | 1, 2, 3, 4 | I | Y | telnet w/ default auth |
| CVE-2005-3718 | 2005 | C | C | 1, 2, 3, 4 | I | Y | no-auth access services |
| CVE-2005-3719 | 2005 | C | C | 1, 2, 3, 4 | I | Y | hard-coded telnet passwd |
| CVE-2005-3720 | 2005 | C | C | 1 | C | Y | web server reveals info |
| CVE-2005-3721 | 2005 | C | C | 1, 2, 3, 4 | I | Y | no auth for web server ctrl |
| CVE-2005-3722 | 2005 | C | I | 1, 2, 4 | C, I | Y | no-auth SNMP R/W access |
| CVE-2005-3723 | 2005 | C | C | 1, 3 | C, A | Y | SNMP, TCP port 3390 |
| CVE-2005-3724 | 2005 | C | C | 1, 3 | C, A | Y | UDP port 9090 |
| CVE-2005-3725 | 2005 | C | C | 1, 2, 3 | I, A | Y | hard-coded DNS |
| CVE-2005-3803 | 2005 | C | C | 1 | C | Y | hard-coded SNMP auth |
| CVE-2005-3804 | 2005 | C | C | 1, 3 | C, A | Y | net VxWorks debugger |
| CVE-2005-3989 | 2005 | S | I | 3 | A | N | |
| CVE-2005-4050 | 2005 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2005-4464 | 2005 | S | I | 3 | A | Y | firewall handling |
| CVE-2005-4466 | 2005 | S | I | 3 | A (I) | N | |
| CVE-2006-0189 | 2006 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2006-0302 | 2006 | C | C | 1 | C | Y | UDP port 9090 |
| CVE-2006-0305 | 2006 | C | C | 1, 2, 3, 4 | I | Y | debug on TCP 60023 |
| CVE-2006-0359 | 2006 | C | I | 3 | A | N | |
| CVE-2006-0360 | 2006 | C | C | 1, 3 | C, A | Y | |
| CVE-2006-0374 | 2006 | C | C | 1, 2, 3, 4 | I | Y | multiple ports/services open |
| CVE-2006-0375 | 2006 | C | C | 1, 3 | I, A | Y | hard-coded NTP settings |
| CVE-2006-0737 | 2006 | C | I | 3 | A | N | |
| CVE-2006-0738 | 2006 | C | I | 3 | A | N | |
| CVE-2006-0739 | 2006 | C | I | 3 | A | N | |
| CVE-2006-0834 | 2006 | C | C | 1 | C | Y | default pass on web-based admin tool |
| CVE-2006-1973 | 2006 | S | I | 3 | A | N | |
| CVE-2006-2312 | 2006 | C | I | 1 | C | N | |
| CVE-2006-2924 | 2006 | S | I | 3 | A | Y | SSL-based crash |
| CVE-2006-2925 | 2006 | S | I | 1, 2, 3, 4 | I | Y | XSS injection to web admin interface |
| CVE-2006-3524 | 2006 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2006-3594 | 2006 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2006-4029 | 2006 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2006-4032 | 2006 | S | I | 2 | C | N | |
| CVE-2006-5038 | 2006 | C | C | 1, 2, 3, 4 | I | Y | hard-coded telnet admin password |
| CVE-2006-5084 | 2006 | C | I | 3 | A (I) | N | |
| CVE-2006-5231 | 2006 | C | I | 3 | A | N | |
| CVE-2006-5233 | 2006 | C | I | 3 | A | Y | DoS through the web server |
| CVE-2006-5445 | 2006 | S | I | 3 | A | N | |
| CVE-2006-6411 | 2006 | C | I | 3 | A | N | |
| CVE-2006-7121 | 2006 | C | I | 3 | A | Y | crash through the web server |
| CVE-2007-0334 | 2007 | S | I | 1, 4 | I | N | |
| CVE-2007-0431 | 2007 | C | I | 3 | A | N | |
| CVE-2007-0648 | 2007 | S | I | 3 | A | N | crash when SIP is NOT configured! |
| CVE-2007-0746 | 2007 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-0961 | 2007 | S | I | 3 | A | N | |
| CVE-2007-1306 | 2007 | S | I | 3 | A | N | |
| CVE-2007-1542 | 2007 | C | I | 3 | A | N | |
| CVE-2007-1561 | 2007 | S | I | 3 | A | N | |
| CVE-2007-1590 | 2007 | C | I | 3 | A | N | |
| CVE-2007-1594 | 2007 | S | I | 3 | A | N | |
| CVE-2007-1650 | 2007 | C | I | 3 | A | N | |
| CVE-2007-1693 | 2007 | S | I | 3 | A | N | |
| CVE-2007-2191 | 2007 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-2270 | 2007 | C | I | 3 | A | N | |
| CVE-2007-2293 | 2007 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-2297 | 2007 | S | I | 3 | A | N | |
| CVE-2007-2886 | 2007 | S | I | 3 | A | N | |
| CVE-2007-3047 | 2007 | C | C | 1, 2, 3, 4 | I | N | default password |
| CVE-2007-3177 | 2007 | S | I | 4 | I | N | |
| CVE-2007-3317 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3318 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3319 | 2007 | C | I | 2 | C, I | N | auth failure leads to traffic hijack/intercept |
| CVE-2007-3320 | 2007 | C | I | 1 | I | N | |
| CVE-2007-3321 | 2007 | C | I | 3 | A | Y | crash through BOOTP |
| CVE-2007-3322 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3347 | 2007 | C | I | 1 | I | N | |
| CVE-2007-3348 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3349 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3350 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3351 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3361 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3362 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3368 | 2007 | C | I | 3 | A | Y | crash through HTTP server buffer overflow |
| CVE-2007-3369 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3436 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3437 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3438 | 2007 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-3439 | 2007 | C | C | 2 | C | Y | traffic analysis through web server |
| CVE-2007-3440 | 2007 | C | C | 4 | I | Y | place calls through web server |
| CVE-2007-3441 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3442 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3443 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3444 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3445 | 2007 | C | I | 3 | A | N | |
| CVE-2007-3896 | 2007 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-4291 | 2007 | S | I | 3 | A | N | |
| CVE-2007-4292 | 2007 | S | I | 3 | A | N | |
| CVE-2007-4294 | 2007 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-4295 | 2007 | S | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-4366 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4382 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4429 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4455 | 2007 | S | I | 3 | A | N | |
| CVE-2007-4459 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4489 | 2007 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-4498 | 2007 | C | I | 1, 2, 3 | C, A | N | |
| CVE-2007-4553 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4753 | 2007 | C | I | 3 | A | N | |
| CVE-2007-4924 | 2007 | C | I | 3 | A | N | |
| CVE-2007-5361 | 2007 | S | I | 2, 3 | C, A | Y | TFTP dependency |
| CVE-2007-5369 | 2007 | C | I | 3 | A | N | |
| CVE-2007-5411 | 2007 | C | I | 1, 2, 3, 4 | I | Y | XSS through SIP |
| CVE-2007-5468 | 2007 | S | I | 4 | I | N | |
| CVE-2007-5469 | 2007 | S | P | 4 | I | N | |
| CVE-2007-5488 | 2007 | S | I | 1, 2, 3, 4 | I | Y | SQL injection attack through SIP |
| CVE-2007-5537 | 2007 | S | I | 3 | A | N | |
| CVE-2007-5556 | 2007 | C | I | 3 | A | N | |
| CVE-2007-5583 | 2007 | C | I | 3 | A | N | |
| CVE-2007-5591 | 2007 | S | I | 3 | A | N | |
| CVE-2007-5788 | 2007 | C | I | 3 | A | N | |
| CVE-2007-5791 | 2007 | C | I | 1, 3 | I, A | N | |
| CVE-2007-5989 | 2007 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2007-6095 | 2007 | S | I | 2 | I | Y | firewall allows eavesdropping |
| CVE-2007-6371 | 2007 | C | I | 3 | A | N | |
| CVE-2008-0095 | 2008 | S | I | 3 | A | N | |
| CVE-2008-0263 | 2008 | S | I | 3 | A | Y | firewall problem |
| CVE-2008-0454 | 2008 | C | I | 1 | I | N | XSS on skype |
| CVE-2008-0528 | 2008 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2008-0530 | 2008 | C | I | 1, 2, 3, 4 | I | Y | code injection through DNS |
| CVE-2008-0531 | 2008 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2008-0582 | 2008 | C | I | 1 | I | N | XSS on skype |
| CVE-2008-0583 | 2008 | C | I | 1 | I | N | XSS on skype |
| CVE-2008-1113 | 2008 | C | I | 1, 2 | C, I | N | |
| CVE-2008-1114 | 2008 | C | I | 1, 2 | C, I | N | |
| CVE-2008-1248 | 2008 | C | I | 4 | I | Y | calls through web server |
| CVE-2008-1249 | 2008 | C | I | 3 | A | N | |
| CVE-2008-1250 | 2008 | C | I | 1, 4 | I | Y | CSRF through web server |
| CVE-2008-1251 | 2008 | C | I | 1, 2, 3, 4 | I | Y | XSS through web server |
| CVE-2008-1332 | 2008 | S | I | 4 | I | N | |
| CVE-2008-1334 | 2008 | S | I | 1, 2, 3, 4 | I | Y | web server auth bypass |
| CVE-2008-1741 | 2008 | S | I | 3 | A | N | |
| CVE-2008-1745 | 2008 | S | I | 3 | A | N | |
| CVE-2008-1747 | 2008 | S | I | 3 | A | N | |
| CVE-2008-1748 | 2008 | S | I | 3 | A | N | |
| CVE-2008-1805 | 2008 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2008-1959 | 2008 | S | I | 3 | A | N | |
| CVE-2008-2085 | 2008 | S | I | 3 | A (I) | N | |
| CVE-2008-2119 | 2008 | S | I | 3 | A | N | |
| CVE-2008-2545 | 2008 | C | I | 1, 2, 3, 4 | I | N | |
| CVE-2008-2732 | 2008 | S | I | 3 | A | N | |
| CVE-2008-2733 | 2008 | S | I | 3 | A | Y | crash through IPsec |
| CVE-2008-3157 | 2008 | C | I | 3 | A | N | |
| CVE-2008-3210 | 2008 | S | I | 3 | A | N | |
| CVE-2008-3778 | 2008 | S | I | 1, 2, 3, 4 | I, A | Y | management interface no auth for update |
| CVE-2008-3799 | 2008 | S | I | 3 | A | N | |
| CVE-2008-3800 | 2008 | S | I | 3 | A | N | |
| CVE-2008-3801 | 2008 | S | I | 3 | A | N | |
| CVE-2008-3802 | 2008 | S | I | 3 | A | N | |
| CVE-2008-3903 | 2008 | S | I | 1 | C | N | |
| CVE-2008-4444 | 2008 | C | I | 3 | A (I) | N | |
| CVE-2008-4874 | 2008 | C | C | 1, 2, 3, 4 | I | Y | default service account in web interface |
| CVE-2008-4875 | 2008 | C | I | 1 | C | Y | file access through web interface vuln. |
| CVE-2008-5180 | 2008 | C | I | 3 | A | N | |
| CVE-2008-5871 | 2008 | S | I | 4 | I | N | |
| CVE-2008-6140 | 2008 | C | I | 3 | A | N | |
| CVE-2008-6141 | 2008 | C | I | 3 | A | N | |
| CVE-2008-6509 | 2008 | S | I | 1, 2, 3 | I | Y | SIP-based SQL injection on IM server |
| CVE-2008-6573 | 2008 | S | I | 1, 2, 3 | I | N | |
| CVE-2008-6574 | 2008 | S | I | 3 | A | N | |
| CVE-2008-6575 | 2008 | S | I | 3 | A | N | |
| CVE-2008-6706 | 2008 | S | I | 1, 2 | C | Y | access to data via web interface bug |
| CVE-2008-6707 | 2008 | S | I | 1, 2 | C | Y | access to data via web interface bug |
| CVE-2008-6708 | 2008 | S | I | 1, 2, 3, 4 | I | Y | root access via web interface bug |
| CVE-2008-6709 | 2008 | S | I | 1, 2, 3, 4 | I | Y | command execution via web interface bug |
| CVE-2008-7065 | 2008 | C | I | 3 | A | N | |
| CVE-2009-0630 | 2009 | S | I | 3 | A | N | |
| CVE-2009-0631 | 2009 | S | I | 3 | A | N | |
| CVE-2009-0636 | 2009 | S | I | 3 | A | N | |
| CVE-2009-0871 | 2009 | S | I | 3 | A | N | |
| CVE-2009-1048 | 2009 | C | I | 1, 2, 3, 4 | I | Y | |
| CVE-2009-1158 | 2009 | S | I | 3 | A | N | firewall crash via H.323 module bug |
| CVE-2009-2050 | 2009 | S | I | 3 | A | N | |
| CVE-2009-2051 | 2009 | S | I | 3 | A | N | |
| CVE-2009-2054 | 2009 | S | I | 3 | A | N | |
| CVE-2009-2726 | 2009 | S | I | 3 | A | N | |
| CVE-2009-2864 | 2009 | S | I | 3 | A | N | |
| CVE-2009-2867 | 2009 | S | I | 3 | A | N | firewall crash via SIP |
| CVE-2009-2870 | 2009 | S | I | 3 | A | N | VoIP gateway crash via SIP |
| CVE-2009-3083 | 2009 | C | I | 3 | A | N | |
| CVE-2009-3704 | 2009 | C | I | 3 | A | N | |
| draft-state-sip-relay-attack | 2009 | C, S | P | 4 | I | N | |
| RFC 5393 | 2009 | S | P | 3 | A | N | |