[Snort-sigs] rule documentation for WEB-MISC CISCO VoIP DOS ATTEMPT

Josh.Sakofsky at ...1573... Josh.Sakofsky at ...1573...
Fri Jun 6 12:08:04 EDT 2003


Sid: 1814

Summary: A remote user has attempted to exploit a flaw on a Cisco VoIP 

Impact: Minimal

Detailed Information: Certain versions of Cisco's VoIP phones are 
vulnerable to an attack that can cause them to reboot
when they recieve an http request such as 
http://ciscophoneip/StreamingStatistics?<value> where <value> is an 
value of arbitrary high value, typically a number greater than 32768.

Affected Systems: Cisco VoIP Phones 7910, 7940, and 7960 software version 
3.0 to 3.2
Attack Scenarios: A remote user can send the exploit url to the phone, 
causing the phone to reboot and disallowing
the user to place or recieve calls for up to 30 seconds.

Ease of Attack: Trivial

False Positives: None Known

False Negatives: None Known

Corrective Action: Visit vendor website for patch.

Contributors: Original rule writer unknown.
              Josh Sakofsky
Additional References: http://www.securityfocus.com/bid/4794
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030606/8b1aceea/attachment.html>

More information about the Snort-sigs mailing list