In association with heise online

20 March 2007, 15:03

DoS vulnerability in Cisco's SIP telephones

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a security advisory, Cisco's 7940/7960 SIP telephones can be rebooted with a specially prepared INVITE message. This vulnerability would probably be especially disturbing if the attacker exploited this DoS vulnerability whilst you were making a call.

The problem occurs in the analysis of an sipURI field in the other caller's INVITE message. Devices with firmware version P0S3-07-4-00 are affected, while the vulnerability has been remedied in POS8-6-0. The security advisory contains an exploit of only a few lines written in Perl to demonstrate the vulnerability.

For more information, see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit