Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities

Bugtraq ID:	25378
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4459
Remote:	Yes
Local:	No
Published:	Aug 20 2007 12:00AM
Updated:	Apr 16 2015 06:09PM
Credit:	These issues were found by Madynes research team using the Madynes VoIP fuzzer KIPH.
Vulnerable:	Cisco VoIP Phone CP-7960 3.2 Cisco VoIP Phone CP-7960 3.1 Cisco VoIP Phone CP-7960 3.0 Cisco VoIP Phone CP-7960 8.6(0) Cisco VoIP Phone CP-7940 3.2 Cisco VoIP Phone CP-7940 3.1 Cisco VoIP Phone CP-7940 3.0 Cisco VoIP Phone CP-7940 8.6(0)
Not Vulnerable:	Cisco VoIP Phone CP-7960 8.7(0) Cisco VoIP Phone CP-7940 8.7(0)

Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities

Cisco 7940/7960 phones are prone to multiple denial-of-service vulnerabilities.

A successful attack can allow remote attackers to crash or reboot an affected device.

Cisco 7940/7960 devices running firmware P0S3-08-6-00 and prior are reported vulnerable.

Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities

Proof-of-concept examples are available.

• /data/vulnerabilities/exploits/cisco_7940_dos1.pl
• /data/vulnerabilities/exploits/cisco_7940_dos2.pl

Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities

Solution:
The vendor released updates and an advisory to address this issue. Please see the referenced advisory for more information.

Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities

References:

• 7900 Series IP Phones Homepage (Cisco)
  
• Cisco Security Response: Multiple SIP Vulnerabilities in the Cisco 7960 IP Phone (Cisco)