vendor: Cisco 7940
by: Humberto J. Abdelnur, Radu State, Olivier Festor
CVSS: 7.5 (HIGH)
DOS
CWE
Product Name: Cisco 7940
Affected Version From: P0S3-07-4-00
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:cisco:7940_firmware:p0s3-07-4-00
Platforms Tested:
2007
Cisco 7940 SIP INVITE remote DOS
After sending a crafted INVITE message, the Cisco 7940 phone reboots immediately. The vulnerability is caused by the phone not properly checking the sipURI field of the Remote-Party-ID in the message.
Mitigation:
Fixed software is available from the vendor. Recommended best practices, such as segregating VoIP traffic from data traffic, can also protect against malicious traffic.