
Cisco Unified IP Phone Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 15 Feb 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Cisco Unified IP Phones, which could be exploited by attackers to cause a denial of service or take complete control of an affected device.

1. A buffer overflow error when parsing DNS responses, which could be exploited by attackers to crash an affected device or execute arbitrary code.

2. An error when handling large ICMP echo request packets, which could be exploited to reboot a vulnerable device, creating a denial of service condition.

3. An error when handling a specially crafted HTTP request sent to port 80/TCP, which could be exploited to reboot a vulnerable device, creating a denial of service condition.

4. A buffer overflow error in the internal Secure Shell (SSH) server when processing malformed packets, which could be exploited by unauthenticated attackers to crash a vulnerable device or execute arbitrary code.

5. A buffer overflow error when handling SIP messages with malformed Multipurpose Internet Mail Extensions (MIME) encoded data, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.

6. A buffer overflow error in the internal telnet server (disabled by default) when processing malformed packets, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.

7. A heap overflow error when handling a malformed challenge/response message from a SIP proxy, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Cisco Unified IP Phone 7906G
  • Cisco Unified IP Phone 7911G
  • Cisco Unified IP Phone 7935
  • Cisco Unified IP Phone 7936
  • Cisco Unified IP Phone 7940
  • Cisco Unified IP Phone 7940G
  • Cisco Unified IP Phone 7941G
  • Cisco Unified IP Phone 7960
  • Cisco Unified IP Phone 7960G
  • Cisco Unified IP Phone 7961G
  • Cisco Unified IP Phone 7970G
  • Cisco Unified IP Phone 7971G


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Update to the latest firmware versions:
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml


Vulnerability Identifier


Source


Related Link