Search:

January 2006

Cisco Security Notice

ID: 00047
Ref: 46/2006
Date: 16 January 2006:11:19:56
Version: 1

Title: Cisco Security Notice
Abstract: Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com
Vendors affected: CISCO
Applications affected: CISCO

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Notice:
======================
Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com
=================================================================

Document ID: 68787

http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml

Revision 1.0

For Public Release 2006 January 13 2130 UTC (GMT)

- - -----------------------------------------------------------------------

Contents
========

Cisco Response
Additional Information
Cisco Security Procedures

- - -----------------------------------------------------------------------

Cisco Response
==============

This is a response to the Cisco IP Phone DoS exploit posted
to http://www.milw0rm.com/ on January 10, 2006. When directed at port
80 of an affected phone, the exploit will cause the phone to reload.

Cisco has introduced changes to the firmware for 7940 and 7960 IP
Phones that will reduce the impact of a denial of service attack.
Starting with firmware revision 7.1(1), IP phones that are subject to
DoS attacks have the capability to perform load control using TCP
throttling. Although it may not be possible to maintain normal
operation during an attack, the phones will not reload.

The changes mentioned above are documented in Cisco bug ID CSCef33398.

This vulnerability was first reported to Cisco by Knud Erik Hojgaard;
we thank him for making us aware of this issue. We greatly appreciate
the opportunity to work with researchers on security vulnerabilities,
and welcome the opportunity to review and assist in product reports.

Additional Information
======================

It is important to note that Cisco best practices for IP Telephony
include several recommendations that isolate and protect IP phones from
many common attacks. For optimum functionality, these devices should be
deployed in accordance with those recommendations. For more
information, please see:

* Solution Reference Network Designs:
http://www.cisco.com/go/srnd/
* SAFE Blueprint:
http://www.cisco.com/go/safe/

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering
to receive security information from Cisco, is available on Cisco's
worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

- - -----------------------------------------------------------------------

All contents are Copyright 1992-2006 Cisco Systems, Inc. All rights
reserved.

- - -----------------------------------------------------------------------

Updated: Jan 13, 2006 Document ID: 68787

- - -----------------------------------------------------------------------
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDyBy9ezGozzK2tZARAkmxAJ4sGM0dIqtCAn9Ag/6QZin5ikS9CgCgqvLc
yn5FwFVrrPMNyPuy4Y4J5BY=
=Vcga
- -----END PGP SIGNATURE-----