Condorlab

Cisco – Vulnerability in Cisco IP Phone 8800 Series allow remote attacker to cause a DoS


Advisory IDRSN-SIP-1562


Vulnerability Information

 

A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated,remote attacker to cause a denial of service condition due to the SIP process unexpectedly restarting. All active phone calls are droppedas the SIP process restarts.


Release Date

2017-06-13 00:00:00

 

SIP (Session Initiation Protocol) is a protocol used for the initiation, modification and termination of voice and video calls through IP networks. This protocol is implemented in multiple Cisco systems products such as routers, switches and Firewalls.


Technical Information

 

A remote user can send specially crafted SIP packets to trigger an input validation flaw and cause the target SIP process to restart. As a result, active phone calls are dropped. The vendor has assigned bug ID CSCvc29353 to this vulnerability.


Solutions

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

Cisco Security Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-sip

Common Vulnerabilities and Exposures (CVE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6656