Radu State

**Name of the Vulnerable Software and Affected Versions** Cisco IP Phone 7940 with firmware P0S3-08-7-00 **Description** The issue allows remote attackers to cause a denial of service, resulting in either "486 Busy" responses or device reboot. This is achieved through a sequence of SIP INVITE transactions where the Request-URI lacks a user name. **Recommendations** For Cisco IP Phone 7940 with firmware P0S3-08-7-00, consider restricting access to the SIP INVITE transaction to minimize the risk of exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 1.2.17 Asterisk versions 1.4.x prior to 1.4.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a SIP packet with a Response code 0. This is due to a problem in the `handle response` function. **Recommendations** For Asterisk versions prior to 1.2.17, update to version 1.2.17 or later. For Asterisk versions 1.4.x prior to 1.4.2, update to version 1.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 1.2.17 Asterisk versions 1.4.x prior to 1.4.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a SIP INVITE message with an SDP containing one valid and one invalid IP address. **Recommendations** For Asterisk versions prior to 1.2.17, update to version 1.2.17 or later. For Asterisk versions 1.4.x prior to 1.4.2, update to version 1.4.2 or later.