Cisco Bug: CSCur39976 - 9971 phone becomes unresponsive when receiving malformed RTP packets

Last Modified

Feb 16, 2018

Products (34)

Cisco Unified IP Phones 9900 Series
Cisco Unified IP Phone 9951
Cisco Unified IP Phone 7962G
Cisco Unified Wireless IP Phone 7920
Cisco Unified IP Phone Expansion Module 7914
Cisco Unified IP Phone 7945G
Cisco Unified IP Phone 7971G-GE
Cisco Unified Wireless IP Phone 7925G
Cisco Unified IP Phone 6941
Cisco Unified IP Phone 7961G-GE

View all products in Bug Search Tool Login Required

Known Affected Releases

9.3(2)

Description (partial)

Symptoms:

A vulnerability in the packet storing capabilities of the 9900 series IP Phone could allow an unauthenticated, remote attacker to send malformed
RTP packets to the phone buffer.

The vulnerability is due to how the phone decoder handles certain RTP packets. An attacker could exploit this vulnerability by calling a
registered phone, waiting for a user to answer then send malformed RTP packets to the users phone. 


Conditions:
A 9971 phone running firmware version 9-3-2ES-8 and registered to CUCM version: 8.6.2.25140-1

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts