Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability

2015-06-29T18:05:35
ID CISCO-SA-20150629-CVE-2015-4226
Type cisco
Reporter Cisco
Modified 2015-06-29T17:59:28

Description

A vulnerability in the packet storing capabilities of Cisco 9900 Series IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to how the phone decoder handles certain Real-time Transport Protocol (RTP) packets. An attacker could exploit this vulnerability by calling a registered phone, waiting for a user to answer, and then sending malformed RTP packets to the user's phone. A successful exploit could cause the phone to become unresponsive, resulting in a DoS condition.
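The advisory attributes the fault to the phone's decoder handling of certain RTP packets but does not say which malformation is involved. As an added, defender-side illustration (not code from the advisory or from Cisco's firmware), the block below is a strict RTP header parser following the RFC 3550 layout: every length-bearing field (CSRC count, extension length, padding length) is checked against the actual packet size before it is used, and anything inconsistent is rejected before decoding. The sample packets are constructed for the example and are ordinary header-level inconsistencies, not the trigger described in the advisory.

```python
import struct

RTP_VERSION = 2
FIXED_HEADER_LEN = 12  # V/P/X/CC, M/PT, sequence, timestamp, SSRC


class RtpParseError(ValueError):
    """Raised for any packet that violates the RFC 3550 header layout."""


def parse_rtp(packet: bytes) -> dict:
    """Parse one RTP packet, checking every length field before using it."""
    if len(packet) < FIXED_HEADER_LEN:
        raise RtpParseError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:FIXED_HEADER_LEN])
    if (b0 >> 6) != RTP_VERSION:
        raise RtpParseError(f"unsupported RTP version {b0 >> 6}")
    padding = bool(b0 & 0x20)
    extension = bool(b0 & 0x10)
    cc = b0 & 0x0F
    offset = FIXED_HEADER_LEN

    # CSRC list: cc 32-bit identifiers, bounded by the packet length
    csrc_len = cc * 4
    if len(packet) < offset + csrc_len:
        raise RtpParseError(f"CSRC count {cc} exceeds packet length")
    csrcs = [struct.unpack("!I", packet[offset + 4 * i: offset + 4 * i + 4])[0]
             for i in range(cc)]
    offset += csrc_len

    # Optional header extension: 16-bit profile, 16-bit length in 32-bit words
    ext = None
    if extension:
        if len(packet) < offset + 4:
            raise RtpParseError("extension flag set but extension header missing")
        profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        if len(packet) < offset + words * 4:
            raise RtpParseError(f"extension length {words} words exceeds packet length")
        ext = (profile, packet[offset:offset + words * 4])
        offset += words * 4

    payload = packet[offset:]
    # Padding: last octet counts the pad bytes, itself included, and must fit
    if padding:
        if not payload:
            raise RtpParseError("padding flag set but no payload octet to hold pad length")
        pad_len = payload[-1]
        if pad_len == 0 or pad_len > len(payload):
            raise RtpParseError(f"padding length {pad_len} invalid for {len(payload)}-byte payload")
        payload = payload[:-pad_len]

    return {"version": RTP_VERSION, "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc, "csrcs": csrcs,
            "extension": ext, "payload": payload}


# Constructed sample packets (not captured traffic): one well-formed PCMU packet,
# one with valid padding, and header-level inconsistencies a decoder must reject.
_HDR = b"\x00\x00\x01\x00\x00\x00\xa0\x12\x34\x56\x78"  # PT 0, seq 1, ts 160, SSRC
SAMPLE_PACKETS = {
    "valid":         b"\x80" + _HDR + b"\xff\xff\xff\xff",
    "valid_padding": b"\xa0" + _HDR + b"\xaa\xaa\x00\x00\x00\x04",
    "truncated":     (b"\x80" + _HDR)[:8],
    "bad_version":   b"\x40" + _HDR + b"\xff\xff\xff\xff",
    "csrc_overrun":  b"\x8f" + _HDR + b"\xff\xff\xff\xff",
    "ext_overrun":   b"\x90" + _HDR + b"\xbe\xde\x00\x10",
    "bad_padding":   b"\xa0" + _HDR + b"\xaa\xaa\xaa\x09",
}


def check_packets(packets: dict) -> dict:
    """Return 'ok' or 'rejected: <reason>' for each labelled packet."""
    results = {}
    for label, pkt in packets.items():
        try:
            parse_rtp(pkt)
            results[label] = "ok"
        except RtpParseError as exc:
            results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, verdict in check_packets(SAMPLE_PACKETS).items():
        print(f"{label:14s} {verdict}")
```

The design point is that each variable-length region is validated against `len(packet)` before any slice or unpack touches it, so a bogus count or length field can only produce a rejected packet, never an out-of-bounds read or a decoder fed inconsistent data.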

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must first call a targeted phone and then rely on a user to answer the phone prior to sending malformed RTP packets. The attacker cannot exploit this vulnerability without meeting this requirement.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.