CVE-2007-4459

Name of the Vulnerable Software and Affected Versions Cisco IP Phone 7940 and 7960 versions prior to 8.7(0)

Description The issue allows remote attackers to cause a denial of service, resulting in a device reboot. This can be achieved through specific sequences of invalid SIP messages, including a certain sequence of 10 invalid SIP INVITE and OPTIONS messages, or a certain invalid SIP INVITE message with a remote tag, followed by related SIP OPTIONS messages.

Recommendations For Cisco IP Phone 7940 and 7960 versions prior to 8.7(0), update to version 8.7(0) or later to resolve the issue. As a temporary workaround, consider restricting access to the SIP protocol to minimize the risk of exploitation. Avoid using the SIP INVITE and OPTIONS messages in a way that could trigger the denial of service condition until the issue is resolved.