Secunia Advisory: SA27898  
Release Date: 2007-12-06

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Software: Cisco IP Phone 7940

Description:
The Madynes research team has reported a vulnerability in Cisco IP Phone 7940, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by improper handling of SIP INVITE messages. It can be exploited to deny legitimate calls or to reboot the device by sending a series of SIP INVITE messages containing a "Request-URI" without a username.

Successful exploitation requires knowledge of a valid userid on the target phone.

The vulnerability is reported in firmware version P0S3-08-7-00. Other versions may also be affected.

Solution:
Restrict network access to the vulnerable device.
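
Where SIP traffic toward the phone can be observed (for example at a SIP proxy or from a packet capture), the message pattern described above can also be flagged. The following is an added example, not part of the Secunia advisory or the original report; the function names, the threshold of 3 and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Request line of a SIP INVITE: method, Request-URI, version (RFC 3261).
# The method is case-sensitive; the URI scheme (sip/sips) is not.
REQUEST_LINE = re.compile(r"^INVITE (?i:sips?):(\S+) SIP/2\.0$")

def invite_lacks_username(message: str) -> bool:
    """True if `message` is an INVITE whose Request-URI has no user part."""
    lines = message.splitlines()
    m = REQUEST_LINE.match(lines[0]) if lines else None
    if m is None:
        return False  # not an INVITE, or not a sip:/sips: Request-URI
    # In a SIP URI, "@" only appears as the userinfo delimiter.
    user, at, _ = m.group(1).partition("@")
    return not at or not user

def flag_sources(packets, threshold=3):
    """Return {source_ip: count} for sources that sent a series of such INVITEs.

    `packets` is an iterable of (source_ip, raw_sip_message) pairs.
    `threshold` is an assumed value; the advisory only says "a series".
    """
    hits = Counter(src for src, msg in packets if invite_lacks_username(msg))
    return {src: n for src, n in hits.items() if n >= threshold}

# Constructed sample traffic (documentation address ranges, not real hosts).
NO_USER = "INVITE sip:192.0.2.10 SIP/2.0\r\nCall-ID: a1@example.invalid\r\n\r\n"
SAMPLE = [
    ("198.51.100.7", NO_USER),
    ("198.51.100.7", NO_USER),
    ("198.51.100.7", NO_USER),
    ("198.51.100.8", "INVITE sip:1001@192.0.2.10 SIP/2.0\r\n\r\n"),
    ("198.51.100.9", "OPTIONS sip:192.0.2.10 SIP/2.0\r\n\r\n"),
    ("198.51.100.9", "INVITE sip:192.0.2.10:5060;transport=udp SIP/2.0\r\n\r\n"),
]

if __name__ == "__main__":
    for src, count in flag_sources(SAMPLE).items():
        print(f"{src}: {count} INVITEs with no username in Request-URI")
```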

Provided and/or discovered by:
Madynes research team at INRIA Lorraine.

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html

Source: http://secunia.com/advisories/27898/