Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875, all running Cisco SIP Software. This vulnerability allows an unauthenticated, remote attacker to cause the device to reload, creating a DoS condition. The issue arises from a buffer overflow when the device processes HTTP packets. Exploitation requires the phone to be registered with Cisco Unified Communications Manager and have Web Access enabled, which is off by default.

Impact

Exploitation of this vulnerability causes the affected device to reload, leading to a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed software release can be found in the Cisco Security Advisory related to this vulnerability.