Cisco 7940 and 7960 IP phones with firmware version 7.4 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to an error within the handling of malformed SIP INVITE messages. An attacker could exploit this vulnerability by sending a crafted INVITE message to the device to cause it to reboot, resulting in a temporary DoS condition.
Proof-of-concept code is available.
Cisco confirmed this vulnerability and released updates to correct it.
To exploit this vulnerability, the attacker must have access to the network on which the device resides. Another attack vector would be a SIP gateway that could pass the malicious SIP INVITE message to an affected device. Typically IP phones reside on their own network, which could prevent an external attacker from exploiting this vulnerability. However, an attacker with physical access to an IP phone could potentially unplug the phone and access the phone network directly from the connection that the IP phone normally plugs into.
Cisco has released firmware version 8.6, which is not affected by this vulnerability.