- BlackBerry® 7270 smartphone
- BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 2.3 (Moderate).
Vulnerabilities exist in the Session Initiation Protocol (SIP) implemented on a BlackBerry 7270 smartphone running BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier. If these vulnerabilities are exploited by a person with malicious intent, a denial of service may occur in the Phone application, but this will not affect the other capabilities of the BlackBerry 7270 smartphone. This does not affect any other BlackBerry device.
Note: Exploiting these vulnerabilities requires access to a private branch exchange (PBX) from within an enterprise network.
A BlackBerry 7270 smartphone receives a malicious SIP INVITE message. When the BlackBerry smartphone user ends a received call, the Phone application does not disconnect the call successfully and stops responding for approximately 30 to 40 seconds, until the BlackBerry 7270 smartphone clears the INVITE transaction state properly. The following problems occur on the BlackBerry smartphone:
- The BlackBerry smartphone continues to transmit responses to the SIP INVITE message.
- When the BlackBerry smartphone user tries to initiate a call, the following error message is displayed: "Cannot connect. Call in progress"
- The BlackBerry smartphone does not receive incoming calls. The caller receives a busy signal.
A Denial of Service (DoS) may occur in the Phone application of the BlackBerry 7270 smartphone.
A person with malicious intent sends a SIP INVITE to a BlackBerry 7270 smartphone, creating an INVITE server transaction on the smartphone. The BlackBerry smartphone user answers the received call, but the smartphone never receives an ACK from the caller. This vulnerability in the BlackBerry 7270 smartphone SIP implementation may prevent the BlackBerry smartphone from clearing the INVITE transaction state properly.
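As an added illustration from the defender's side (not part of the advisory or of RIM's software), the following Python flags calls in a constructed, simplified SIP signalling trace where the phone answered with 200 OK but never received the caller's ACK. It assumes the trace format shown and the RFC 3261 default T1 of 500 ms, so that the 64*T1 = 32 s retransmission window is in the same range as the 30 to 40 second outage described above.

```python
import re

# Constructed sample SIP signalling trace in a simplified
# "<t_seconds> <from>><to> <method-or-status> <Call-ID>" form, as a PBX or
# session border controller might log it. Not taken from the advisory.
SAMPLE_TRACE = """\
0.0 caller>phone INVITE a1@pbx.example
0.2 phone>caller 180 a1@pbx.example
3.0 phone>caller 200 a1@pbx.example
3.1 caller>phone ACK a1@pbx.example
10.0 caller>phone INVITE b2@pbx.example
12.0 phone>caller 200 b2@pbx.example
12.5 phone>caller 200 b2@pbx.example
13.5 phone>caller 200 b2@pbx.example
20.0 phone>caller BYE b2@pbx.example
"""

# A UAS retransmits its 2xx until an ACK arrives or 64*T1 elapses
# (RFC 3261 section 13.3.1.4). Assumes the default T1 of 500 ms.
ACK_WINDOW = 64 * 0.5

LINE = re.compile(r"^(?P<t>[\d.]+) (?P<src>\w+)>(?P<dst>\w+) (?P<msg>\S+) (?P<cid>\S+)$")

def parse_trace(text):
    """Yield (time, src, dst, msg, call_id) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield float(m["t"]), m["src"], m["dst"], m["msg"], m["cid"]

def find_unacked_answers(text, now):
    """Return {call_id: retransmitted_200_count} for calls the phone answered
    with 200 OK but for which no ACK arrived within ACK_WINDOW as of `now`.
    Repeated 200 OKs are the visible symptom of a missing ACK."""
    answered = {}  # call_id -> time of first 200 OK sent by the phone
    retrans = {}   # call_id -> number of repeated 200 OKs
    acked = set()
    for t, src, dst, msg, cid in parse_trace(text):
        if src == "phone" and msg == "200":
            if cid in answered:
                retrans[cid] += 1
            else:
                answered[cid], retrans[cid] = t, 0
        elif dst == "phone" and msg == "ACK":
            acked.add(cid)
    return {cid: retrans[cid] for cid, t0 in answered.items()
            if cid not in acked and now - t0 >= ACK_WINDOW}

if __name__ == "__main__":
    print(find_unacked_answers(SAMPLE_TRACE, now=60.0))  # {'b2@pbx.example': 2}
```

Run against real PBX logs, a non-empty result points at callers that answered-but-never-acknowledged calls, which is the condition this advisory describes.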
Upgrade to BlackBerry Device Software 4.0 Service Pack 1 Bundle 108 or later.
Wait 30 to 40 seconds for the BlackBerry 7270 smartphone to return to normal operation.
CVSS is a vendor-agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.
Updates to article formatting. No technical content changed.