Cisco Unified IP Phone RTP Remote Denial of Service Vulnerability

Vulnerability ID: 1184030    Vulnerability type: Input validation
Published: 2009-01-14    Updated: 2009-01-14
CVE ID: CVE-2008-4444    CNNVD ID: CNNVD-200901-201
Platform: N/A    CVSS score: 7.1
|Vulnerability sources
https://www.securityfocus.com/bid/33264
https://cxsecurity.com/issue/WLB-2009010047
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-201
|Vulnerability details
Cisco Unified IP Phone is a unified IP telephony solution from Cisco (USA). Cisco Unified IP Phone does not correctly parse certain malformed RTP headers. If an attacker has set up a call with the target phone, or has access to the VoIP network, injecting malformed RTP frames into a SIP call causes the phone to reload.
|Vulnerability EXP
Title:
------
* Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability

Summary:
--------
* The Cisco Unified IP Phone 7960G and 7940G (SIP) do not correctly
parse some malformed RTP headers leading to a deterministic denial of
service

Assigned CVE:
-------------
* CVE-2008-4444

Details:
--------
* The SIP protocol is used to set up calls between phones. Once the call is
established, the media content is carried by the RTP protocol. A remote
attacker could send a specially crafted RTP packet against a Cisco SIP
phone in such a way as to cause the phone to reboot.
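Both the record's details paragraph and the advisory's Details section describe the same defect class: an RTP header parser that trusts count and length fields it has not checked against the size of the datagram it actually received. The following Python is an added example, not code from this page, from the advisory authors or from Cisco. It shows the defender-side counterpart: a strict RFC 3550 header parser that bounds-checks the CSRC count, the header-extension length and the padding length before taking any slice, run over a handful of constructed sample packets. The sample packets, the `MalformedRTP` exception and the `triage` helper are my own constructions; the advisory does not disclose which malformation triggers the reboot, and the samples here are generic RFC 3550 violations, not a reproduction of it.

```python
"""Strict RFC 3550 RTP header parser (illustrative, not Cisco firmware code).

Assumptions: only the fixed header, CSRC list, header extension and padding
are validated, and every length or count field is checked against the real
packet length before any slice is taken. Sample packets are constructed.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RTP_VERSION = 2
FIXED_HEADER_LEN = 12  # V/P/X/CC, M/PT, sequence, timestamp, SSRC


class MalformedRTP(ValueError):
    """Raised for any packet that violates the RFC 3550 header layout."""


@dataclass
class RTPPacket:
    version: int
    padding: bool
    extension: bool
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: List[int] = field(default_factory=list)
    extension_profile: Optional[int] = None
    extension_data: bytes = b""
    payload: bytes = b""


def parse_rtp(packet: bytes) -> RTPPacket:
    """Parse one RTP packet, rejecting rather than trusting inconsistent lengths."""
    if len(packet) < FIXED_HEADER_LEN:
        raise MalformedRTP(f"packet too short: {len(packet)} < {FIXED_HEADER_LEN}")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:FIXED_HEADER_LEN])
    version = b0 >> 6
    if version != RTP_VERSION:
        raise MalformedRTP(f"unexpected RTP version {version}")
    padding = bool(b0 & 0x20)
    extension = bool(b0 & 0x10)
    cc = b0 & 0x0F
    marker = bool(b1 & 0x80)
    payload_type = b1 & 0x7F

    offset = FIXED_HEADER_LEN
    # CSRC list: CC entries of 32 bits each, all of which must be present.
    csrc_len = 4 * cc
    if len(packet) < offset + csrc_len:
        raise MalformedRTP(f"CSRC count {cc} exceeds packet length")
    csrcs = list(struct.unpack(f"!{cc}I", packet[offset:offset + csrc_len])) if cc else []
    offset += csrc_len

    ext_profile: Optional[int] = None
    ext_data = b""
    if extension:
        # Extension header: 16-bit profile, then a 16-bit length in 32-bit words.
        if len(packet) < offset + 4:
            raise MalformedRTP("extension bit set but extension header missing")
        ext_profile, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        ext_len = 4 * ext_words
        if len(packet) < offset + ext_len:
            raise MalformedRTP(f"extension length {ext_words} words exceeds packet length")
        ext_data = packet[offset:offset + ext_len]
        offset += ext_len

    end = len(packet)
    if padding:
        # The last octet holds the padding length, counting itself; zero is
        # invalid and the padding may not reach back into the header.
        pad_len = packet[-1]
        if pad_len == 0 or offset + pad_len > end:
            raise MalformedRTP(f"invalid padding length {pad_len}")
        end -= pad_len

    return RTPPacket(version, padding, extension, marker, payload_type,
                     seq, ts, ssrc, csrcs, ext_profile, ext_data, packet[offset:end])


# Constructed sample packets (not captures from any device): PT 0, sequence 1,
# timestamp 16, SSRC 0xDEADBEEF, followed by a short payload where present.
SAMPLES: Dict[str, bytes] = {
    "valid":        bytes.fromhex("80 00 0001 00000010 deadbeef") + b"\xff" * 4,
    "valid_padded": bytes.fromhex("a0 00 0001 00000010 deadbeef") + b"\x11\x22\x00\x02",
    "truncated":    bytes.fromhex("80 00 0001 00000010 dead"),      # only 10 octets
    "csrc_overrun": bytes.fromhex("83 00 0001 00000010 deadbeef"),  # CC=3, no CSRCs
    "ext_overrun":  bytes.fromhex("90 00 0001 00000010 deadbeef bede ffff"),
    "pad_overrun":  bytes.fromhex("a0 00 0001 00000010 deadbeef") + b"\x11\x22\x10",
}


def triage(packets: Dict[str, bytes]) -> Dict[str, str]:
    """Run each sample through the parser; 'ok' or the rejection reason."""
    results: Dict[str, str] = {}
    for name, pkt in packets.items():
        try:
            parse_rtp(pkt)
            results[name] = "ok"
        except MalformedRTP as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:13s} {verdict}")
```

The point of the example is the ordering of checks: each of the three variable-length regions (CSRC list, extension, padding) is compared against the received length before it is read, so a header whose counts describe more data than the datagram carries produces a clean rejection instead of an out-of-bounds read. The same checks are what a media gateway or SBC in front of the phones would apply to drop such frames before they reach the endpoint.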

Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary
code execution

Attack Vector:
--------------
* Have the possibility to set up a call to the targeted phone and carry
RTP frames to the vulnerable device
* Have access to the VoIP network while a call is established and inject
RTP frames

Timeline:
---------
* 2008-06-13 - Vulnerability reported to Cisco
* 2008-06-16 - Full details sent to Cisco
* 2008-10-21 - Cisco released a patched firmware
* 2009-01-14 - Release of this security advisory

Affected Products:
------------------
* Cisco Unified IP Phone 7960G and 7940G (SIP) with P0S3-08-9-00
firmware. Cisco released a patched firmware on October 21, 2008 which is
described in the bug identifier CSCsu22285 (Cisco Unified IP Phone 7960G
and 7940G (SIP) Release Notes for Firmware Release 8.10).

Credits:
--------
* This vulnerability was discovered by Gabriel Campana and Laurent Butti
from France Telecom / Orange
|Affected products
Cisco Unified IP Phone 7960G; Cisco Unified IP Phone 7940G
|References

Source: XF
Name: cisco-unifiedipphone-rtp-dos (47948)
Link: http://xforce.iss.net/xforce/xfdb/47948
Source: BID
Name: 33264
Link: http://www.securityfocus.com/bid/33264
Source: BUGTRAQ
Name: 20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/500059/100/0/threaded
Source: www.cisco.com
Link: http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html
Source: SREASON
Name: 4917
Link: http://securityreason.com/securityalert/4917