Signature Detail
Short Name |
HTTP:CISCO:VOIP:STREAM-ID-REQ |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
HTTP |
Keywords |
Cisco VoIP Phone Streaming Statistics Request |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cisco VoIP Phone Streaming Statistics Request
This signature detects attempts to exploit the small HTTP server included with Cisco VoIP phones. Versions CP-79xx are vulnerable. Attackers can review the statistical information served up by the StreamingStatistics script and use the information to perform attacks against the VoIP network.
Extended Description
The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems. It is possible to deny service to users of this line of phones. By placing a request to the /StreamingStatistics script with a stream ID (i.e. http://www.example.com/StreamingStatistics?<stream> where <stream> is an integer value) of arbitrarily high value, the phone will reset itself, creating the inability to place or receive calls for a period of up to thirty seconds. This has been reportedly reproduced by passing stream ID values of greater than 32768, and consistently reproduced with a value of 120000.
Affected Products
- Cisco VoIP Phone CP-7910 3.0.0
- Cisco VoIP Phone CP-7910 3.1.0
- Cisco VoIP Phone CP-7910 3.2.0
- Cisco VoIP Phone CP-7940 3.0.0
- Cisco VoIP Phone CP-7940 3.1.0
- Cisco VoIP Phone CP-7940 3.2.0
- Cisco VoIP Phone CP-7960 3.0.0
- Cisco VoIP Phone CP-7960 3.1.0
- Cisco VoIP Phone CP-7960 3.2.0
References