Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones Vendors:   Cisco
Cisco IP Phones Input Validation Flaw in libSRTP Lets Remote Users Cause Denial of Service Conditions
SecurityTracker Alert ID:  1035651
SecurityTracker URL:
CVE Reference:   CVE-2015-6360   (Links to External Site)
Date:  Apr 21 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco IP Phones. A remote user can cause denial of service conditions.

A remote user can send a specially crafted Secure Real-Time Transport Protocol (SRTP) packet to trigger an integer underflow in the encryption processing subsystem of the SRTP library (libSRTP) and cause denial of service conditions.

The vendor has assigned bug IDs CSCux00697, CSCux00707, CSCux00708, CSCux00745, CSCux00742, CSCux00748, CSCux01782, CSCux01786, and CSCux37802 to this vulnerability.

The following IP phone models are affected:

Cisco IP Phone 88x1 Series
Cisco DX Series IP Phones
Cisco IP Phone 88x5 Series
Cisco Unified 7800 Series IP Phones
Cisco Unified 8831 Series IP Conference Phone
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco Unified IP Phone 7900 Series
Cisco Unified IP Phone 8941 and 8945 (SIP)
Cisco Unified Wireless IP Phone

Other Cisco products are affected.

Randell Jesup with the Mozilla team reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor advisory.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC