Email us! Subscribe to Liquidmatrix!

Cisco IP Phone SIP INVITE DoS

Author: Dave Lewis
March 20, 2007 at 7:30 am · Filed under Vulnerability

From Secunia:

Description:
A vulnerability has been reported in Cisco IP Phone 7940 and 7960, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of certain SIP INVITE messages. This can be exploited to reboot the device by sending a specially crafted INVITE message with a malformed “sipURI” field of the Remote-Party-ID.

The vulnerability is reported in devices running firmware POS3-07-4-00.

Solution:
Reportedly, firmware POS8-6-0 is unaffected.

Article Link

Tags: , , ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • Fark
  • YahooMyWeb
  • Furl
  • Spurl
  • Ma.gnolia
  • NewsVine
Related Articles:

  • Blackberry DoS Vulnerabilities
  • Cisco IP Phone Denial Of Service
  • Cisco IP Phone Overflow and DoS Vulnerabilities
  • Cisco PIX and ASA Vulns
  • Cisco Confirms Denial of Service In IOS

    • Leave a Comment