[Snort-sigs] rule documentation for WEB-MISC CISCO VoIP DOS ATTEMPT

Josh.Sakofsky at ...1573... Josh.Sakofsky at ...1573...
Fri Jun 6 12:08:04 EDT 2003


Rule: WEB-MISC CISCO VoIP DOS ATTEMPT

--
Sid: 1814

--
Summary: A remote user has attempted to exploit a flaw on a Cisco VoIP 
phone.

--
Impact: Minimal

--
Detailed Information: Certain versions of Cisco's VoIP phones are 
vulnerable to an attack that can cause them to reboot
when they recieve an http request such as 
http://ciscophoneip/StreamingStatistics?<value> where <value> is an 
integer
value of arbitrary high value, typically a number greater than 32768.

--
Affected Systems: Cisco VoIP Phones 7910, 7940, and 7960 software version 
3.0 to 3.2
--
Attack Scenarios: A remote user can send the exploit url to the phone, 
causing the phone to reboot and disallowing
the user to place or recieve calls for up to 30 seconds.

--
Ease of Attack: Trivial

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: Visit vendor website for patch.

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://www.securityfocus.com/bid/4794
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030606/8b1aceea/attachment.html>


More information about the Snort-sigs mailing list