Cisco Patches Potentially Crippling VoIP Flaws

Cisco late Wednesday patched seven severe vulnerabilities in its widely used internet telephony software that could permit device compromise or system shutdown.

The bugs – rated “highly critical” by vulnerability tracking firm Secunia – were reported in 16 devices from the networking giant’s Unified IP Phone 7900 series, according to a Cisco advisory. Affected phones are those running the industry-standard Session Initiation Protocol (SIP), Cisco’s proprietary Skinny Client Control Protocol (SCCP), or both.

Four of the VoIP flaws are overflow vulnerabilities, caused by handling errors that could result in the installation of malicious code on a victim’s phone. Another two bugs could permit specially crafted packets to launch DoS attacks. And a final vulnerability may allow privilege escalation.

Read more about this at SC Magazine.
