Vigil@nce - Cisco IP Phone 9900: buffer overflow of webapp
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a buffer overflow in the webapp of the Cisco
IP Phone 9900, in order to cause a denial of service, and possibly
to execute code.
Impacted products: Cisco IP Phone
Severity: 2/4
Creation date: 11/10/2013
DESCRIPTION OF THE VULNERABILITY
Cisco 9900 Series phones have a "webapp" (web application)
interface.
However, if the size of some fields is greater than the size of
the storage array that receives them, an overflow occurs.
An attacker can therefore trigger a buffer overflow in the webapp of
the Cisco IP Phone 9900, in order to cause a denial of service, and
possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IP-Phone-9900-buffer-overflow-of-webapp-13593