Condorlab

Cisco – Vulnerability Cisco IP Phone 8800 Series devices


Advisory IDRSN-SIP-1641

Vulnerability Information

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.

Technical Information

A remote attacker could unexpectedly restarts devices by sending a malformed SIP packet to a targeted phone. All active phone calls are dropped as the SIP process restarts.

Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com

External Resources

http://www.securityfocus.com/bid/102003
http://www.securitytracker.com/id/1039922
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp

Common Vulnerabilities and Exposures (CVE)

https://www.cvedetails.com/cve/CVE-2017-12328/