DoS vulnerability in Cisco's SIP telephones
According to a security advisory, Cisco's 7940/7960 SIP telephones can be rebooted with a specially prepared INVITE message. This vulnerability would probably be especially disturbing if the attacker exploited this DoS vulnerability whilst you were making a call.
The problem occurs in the analysis of an sipURI field in the other caller's INVITE message. Devices with firmware version P0S3-07-4-00 are affected, while the vulnerability has been remedied in POS8-6-0. The security advisory contains an exploit of only a few lines written in Perl to demonstrate the vulnerability.
- CISCO Phone 7940 DOS vulnerability, post at Full Disclosure
(ehe)