From Secunia:
Description:
A vulnerability has been reported in Cisco IP Phone 7940 and 7960, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the handling of certain SIP INVITE messages. This can be exploited to reboot the device by sending a specially crafted INVITE message with a malformed “sipURI” field of the Remote-Party-ID.
The vulnerability is reported in devices running firmware POS3-07-4-00.
Solution:
Reportedly, firmware POS8-6-0 is unaffected.
[tags]Cisco, VoIP, IP Phone, DoS[/tags]
