Cisco voice over IP phones vulnerable to DNS attack

By Derek Sooman on May 25, 2005, 11:35 AM
Cisco voice over IP phones appear to be vulnerable to a flaw in their DNS protocol client software. DNS is responsible for translating domain names into IP addresses via DNS servers. Often, this information is compressed. Cisco has discovered a flaw in their voice over IP phones whereby malicious code could insert specially crafted DNS packets containing invalid information into the compressed section of the message, causing the IP phones to malfunction or crash.

Affected products include Cisco's 7902/7905/7912 IP phones, the Cisco ATA (analogue telephone adaptor) 186/188, and several Cisco Unity Express and Cisco ACNS (application and content networking system) devices.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.