Denial of Service Vulnerability in Cisco 9900 Phones Firmware Release
CVE-2015-4226

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ip Phones 9900 Series Firmware
Vendor: CVE Published:; 30 June 2015

Summary

The packet-storing capability on Cisco 9900 phones running firmware version 9.3(2) is susceptible to exploitation due to inadequate support for the RTP protocol. Remote attackers can exploit this flaw by sending malformed RTP packets after a call has been established, potentially leading to a denial of service where the device becomes unresponsive or hangs, thus disrupting normal functions.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032748

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/75471

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 30, 2015
Vulnerability Reserved
Jun 4, 2015