Skip to main content

Cisco IP Phone 7940 exploits

Published on Aug 22, 2007 in ,

Is it just me, or is public exploit code for SIP devices and SIP software appearing more often? Published on milw0rm - two perl scripts which launch a DoS attack [1][2] on Cisco IP Phone 7940. The advisories[1][2] can be found on full disclosure.

These vulnerabilities seem to be related to sequence of certain SIP requests being sent to the IP phone. So how were these vulnerabilities found? The researchers were making use of their own fuzzer called Madynes VoIP fuzzer KIPH, which supports “state tracking”.