• IDP Daily Update #1320
  posted: 12/01/08
  
• NSM Daily Update #1320
  posted: 12/01/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1320
  posted: 12/01/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 12/01/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 11/30/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Aastra 9112i SIP Phone SIP Message Denial Of Service Vulnerability

Severity: MODERATE

Description:

The Aastra 9112i IP is a Voice Over IP (VoIP) phone.

The phone is prone to a denial-of-service vulnerability because it fails to handle specially crafted SIP messages, Specifically, if an attacker sends an SIP message with malformed header values, the phone will become unresponsive or ring indefinitely.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users.

This issue affects firmware 1.4.0.1048, boot version: 1.1.0.10.

Affected Products:

• Aastra 9112i SIP Phone
• Aastra 9112i SIP Phone 1.4.0.1048

References:

• Aastra: Aastra 9112i SIP Phone Home Page
• Sipera VIPER Lab: Improper error handling vulnerability in Aastra 9112i SIP phone may allow an att