HTTP: Cisco VoIP Phone Streaming Statistics Request

This signature detects attempts to exploit the small HTTP server included with Cisco VoIP phones. Versions CP-79xx are vulnerable. Attackers can review the statistical information served up by the StreamingStatistics script and use the information to perform attacks against the VoIP network.

Extended Description

The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems. It is possible to deny service to users of this line of phones. By placing a request to the /StreamingStatistics script with a stream ID (i.e. http://www.example.com/StreamingStatistics? where is an integer value) of arbitrarily high value, the phone will reset itself, creating the inability to place or receive calls for a period of up to thirty seconds. This has been reportedly reproduced by passing stream ID values of greater than 32768, and consistently reproduced with a value of 120000.

Affected Products

Cisco voip_phone_cp-7960

Short Name
HTTP:CISCO:VOIP:STREAM-ID-REQ
Severity
Info
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-0882 Cisco Phone Request Statistics Streaming VoIP bid:4794
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Rarely
Vendors

Cisco

CVSS Score

6.4

Found a potential security threat?