Cisco Unified Communications (VoIP) Vulnerabilities: Update your IP phones!

Cisco IP phones reportedly have multiple dangerous vulnerabilities.

Apparently the message is: deal with it as soon as possible!!!
  • Cisco IP Phones present multiple and serious overflows and DoS vulnerabilities. It is time to update your VoIP phones! These issues affect phones using Skinny (SCCP) or/and SIP. The vulnerabilities affect several phone components, and the first four are especially relevant:
    • DNS (CVE-2008-0530): Malicious DNS responses may trigger a buffer overflow and execute arbitrary code on a vulnerable phone.
    • SSH (CVE-2004-2486, old CVE): Buffer overflow on the phone SSH server that may allow remote code execution with system privileges.
    • SIP (CVE-2008-0528): Buffer overflow when handling MIME on SIP messages that may allow remote code execution.
    • SIP (CVE-2008-0531): Heap overflow when handling SIP challenge and response messages with the SIP proxy that may allow remote code execution.
    • ICMP (CVE-2008-0526): DoS due to large ICMP echo request packets (another ping of death!).
    • HTTP (CVE-2008-0527): DoS due to specially crafted HTTP requests to the phone HTTP server.
    • Telnet (CVE-2008-0529): Buffer overflow may allow privilege escalation.
  • Cisco UCM is vulnerable to SQL injection (CVE-2008-0026): An authenticated user could access sensitive database information, such as usernames and password hashes, and call records, plus alter or delete call record information from the database. Update to UCM versions 5.1(3a) or 6.1(1a). The flaw is in the key parameter of either the admin or user interface page.
