Cisco targets IP phone flaw

Cisco targets IP phone flaw

Cisco has released a patch to fix a software flaw that could open up its IP phones to DOS attacks.

Cisco Systems on Tuesday reacted to a warning from the U.K.'s National Infrastructure Security Co-ordination Centre (NISCC) that it had discovered a software flaw capable of causing the company's IP (Internet Protocol) telephones to crash.

The company issued a patch for the DNS (domain name system) protocol vulnerability, as well as free software, to fix the problem. The NISCC, also on Tuesday, categorized the flaw, which makes IP phones vulnerable to DOS (denial of service) attacks, as a moderate risk that also affects other software.

In its warning, the NISCC said that under certain circumstances, it is possible to cause both DNS servers and DNS clients to terminate abnormally by sending malformed messages.

Cisco said it knew of no products performing DNS server functions, or DNS packet inspection, which the vulnerability affects. The company also said that the problem only seemed to concern DNS clients running on its IP phones and content-networking products. Cisco's list of affected products included Cisco IP Phones 7902/7905/7912, Cisco ATA (Analog Telephone Adaptor) 186/188, as well as several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments