Preview Tool

Cisco Bug: CSCur39976 - 9971 phone becomes unresponsive when receiving malformed RTP packets

Last Modified

Feb 16, 2018

Products (34)

  • Cisco Unified IP Phones 9900 Series
  • Cisco Unified IP Phone 9951
  • Cisco Unified IP Phone 7962G
  • Cisco Unified Wireless IP Phone 7920
  • Cisco Unified IP Phone Expansion Module 7914
  • Cisco Unified IP Phone 7945G
  • Cisco Unified IP Phone 7971G-GE
  • Cisco Unified Wireless IP Phone 7925G
  • Cisco Unified IP Phone 6941
  • Cisco Unified IP Phone 7961G-GE
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)


A vulnerability in the packet storing capabilities of the 9900 series IP Phone could allow an unauthenticated, remote attacker to send malformed
RTP packets to the phone buffer.

The vulnerability is due to how the phone decoder handles certain RTP packets. An attacker could exploit this vulnerability by calling a
registered phone, waiting for a user to answer then send malformed RTP packets to the users phone. 

A 9971 phone running firmware version 9-3-2ES-8 and registered to CUCM version:
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.