Cisco voice over IP phones appear to be vulnerable to a flaw in their DNS protocol client software. DNS is responsible for translating domain names into IP addresses via DNS servers. Often, this information is compressed. Cisco has discovered a flaw in their voice over IP phones whereby malicious code could insert specially crafted DNS packets containing invalid information into the compressed section of the message, causing the IP phones to malfunction or crash.
Affected products include Cisco's 7902/7905/7912 IP phones, the Cisco ATA (analogue telephone adaptor) 186/188, and several Cisco Unity Express and Cisco ACNS (application and content networking system) devices.