HTTP: Cisco VoIP Phone PortInformation DOS

This signature detects attempts to exploit a known vulnerability in Cisco VoIP phones. Versions CP-7910 and later are vulnerable. Attackers can send an arbitrarily long (120000+) StreamID to the PortInformation script to cause an error message that displays a memory dump. Attackers can use this information to reconstruct the calling patterns of a particular phone.

Extended Description

The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems. It is possible to deny service to users of this line of phones. By placing a request to the /StreamingStatistics script with a stream ID (i.e. http://www.example.com/StreamingStatistics? where is an integer value) of arbitrarily high value, the phone will reset itself, creating the inability to place or receive calls for a period of up to thirty seconds. This has been reportedly reproduced by passing stream ID values of greater than 32768, and consistently reproduced with a value of 120000.

Affected Products

Cisco voip_phone_cp-7960

Short Name
HTTP:CISCO:VOIP:PORT-INFO-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-0882 Cisco DOS Phone PortInformation VoIP bid:4794
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Cisco

CVSS Score

6.4

Found a potential security threat?