Cisco Bug: CSCur39976 - 9971 phone becomes unresponsive when receiving malformed RTP packets
Last Modified
Feb 16, 2018
Products (34)
- Cisco Unified IP Phones 9900 Series
- Cisco Unified IP Phone 9951
- Cisco Unified IP Phone 7962G
- Cisco Unified Wireless IP Phone 7920
- Cisco Unified IP Phone Expansion Module 7914
- Cisco Unified IP Phone 7945G
- Cisco Unified IP Phone 7971G-GE
- Cisco Unified Wireless IP Phone 7925G
- Cisco Unified IP Phone 6941
- Cisco Unified IP Phone 7961G-GE

Known Affected Releases
9.3(2)
Description (partial)
Symptoms: A vulnerability in the packet storing capabilities of the 9900 series IP Phone could allow an unauthenticated, remote attacker to send malformed RTP packets to the phone buffer. The vulnerability is due to how the phone decoder handles certain RTP packets. An attacker could exploit this vulnerability by calling a registered phone, waiting for a user to answer then send malformed RTP packets to the users phone. Conditions: A 9971 phone running firmware version 9-3-2ES-8 and registered to CUCM version: 8.6.2.25140-1
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases