Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability

medium Nessus Plugin ID 72725

Synopsis

The remote IP telephony device is missing a vendor-supplied patch.

Description

According to its self-reported version, the version of the Cisco Unified IP Phone software running on the remote device does not properly process SIP headers. By sending a specially crafted SIP header to the device, a remote attacker may be able to cause the phone to unregister, resulting in a denial of service condition.

Solution

Apply the relevant update referenced in Cisco Security Notice.

See Also

http://www.nessus.org/u?ebca05bf

Plugin Details

Severity: Medium

ID: 72725

File Name: cisco-sn-20140658-phone.nasl

Version: 1.4

Type: local

Family: CISCO

Published: 2/27/2014

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/h:cisco:ip_phone

Required KB Items: Settings/ParanoidReport, Host/Cisco/CNU-OS

Exploit Ease: No known exploits are available

Patch Publication Date: 10/29/2013

Vulnerability Publication Date: 1/10/2014

Reference Information

CVE: CVE-2014-0658

BID: 64770

CISCO-BUG-ID: CSCul24898