PUBLISHED DATE: October 4, 2002CVE-2002-0880:
Denial of Service Vulnerability

Description

Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2."

Products

• Cisco VoIP Phone CP-7940 3.0
• Cisco VoIP Phone CP-7940 3.1
• Cisco VoIP Phone CP-7940 3.2
• Cisco Skinny Client Control Protocol (SCCP) 3.0
• Cisco Skinny Client Control Protocol (SCCP) 3.1
• Cisco Skinny Client Control Protocol (SCCP) 3.2

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-0880, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-0880 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-0880