A vulnerability in the web-based management interface of the Session Initiation Protocol (SIP) software on the Cisco IP Phone 7800 Series and the Cisco IP Phone 8800 Series could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code, according to experts from the best ethical hacking Institute, in conjunction with specialists from the International Institute of Cyber Security.
The vulnerability exists because the software does not properly validate the input provided by the user during the authentication process. According to reports, a hacker could exploit this flaw by connecting to an affected device over HTTP and supplying malicious user keys.
If successful, the attacker could trigger a reload of the affected device, thereby causing a denial-of-service condition, or could execute arbitrary code with the user privileges of the application, said the experts from the best ethical hacking Institute. The company has already released software updates to fix this vulnerability. Other risk mitigation methods are not known at the time of writing.
According to the experts from the best ethical hacking Institute, the vulnerability affects Cisco IP Phone 7800 Series and 8800 Series products, as these devices run earlier versions of the SIP software.