Condorlab

Cisco – Vulnerability in Cisco IP Phone 8800 Series allows DoS


Advisory ID: RSN-SIP-1790

 

Vulnerability Information

 

 

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped when the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone.


Technical Information

 

 

A remote user can cause the target service to crash: sending a specially crafted Session Initiation Protocol (SIP) packet header triggers an input validation flaw and causes the target SIP process to restart, dropping all phone calls. CVE-2017-12328 was assigned for this bug; the affected versions are listed in the resources linked under External Resources.


Solutions

 

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team, Condor-Labs.com, is constantly looking for new attack patterns, advanced penetration testing methods and vulnerability identification, and continuously deploys new signatures to subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

 

Cisco Security Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12328