Cisco released updates to their SIP firmware to resolve DOS (denial of service) vulnerabilities with the 7940/7960 IP phones.
Quote:
The vulnerability is caused due to an error within the handling of certain SIP INVITE messages. This can be exploited to reboot the device by sending a specially crafted INVITE message with a malformed "sipURI" field of the Remote-Party-ID.
|
Original Article