A vulnerability in the web-based management interface of the Session Initiation Protocol (SIP) software on the Cisco IP Phone 7800 Series and the Cisco IP Phone 8800 Series could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code, according to experts from the best ethical hacking Institute, in conjunction with specialists from the International Institute of Cyber Security.
The vulnerability exists because the software does not properly validate the input provided by the user during the authentication process. According to reports, an attacker could exploit this flaw by connecting to an affected device over HTTP and delivering malicious user keys.
If successful, the attacker could trigger a reload of the affected device, thereby causing a denial-of-service condition, or could execute arbitrary code with the user privileges of the application, said the experts from the best ethical hacking Institute. The company has already released software updates to fix this vulnerability. No other risk mitigation methods are known at the time of writing.
According to the experts from the best ethical hacking Institute, the vulnerability affects Cisco IP Phone 7800 Series and 8800 Series products that run earlier versions of the SIP software.
On the other hand, the company has recently confirmed that IP phones running what is known as Multiplatform Firmware are not affected by this vulnerability.
Cisco has released updates addressing the vulnerability described above. Customers only need to install the patches and wait for support for the versions covered by their licenses. Cisco recommends against implementing temporary solutions or workarounds, since so far no working fix is known other than the one the company provides.
The company also recommends that users make sure their systems are ready to receive the corresponding update, in particular by verifying that the devices have sufficient memory space.