Multiple Vulnerabilities in CISCO VoIP Phones
Johnathan Nightingale did a research on CISCO VoIP Phones and found several security vulnerabilities in CP-7960, CP-7940, and CP-7910 phones.
The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks directed at intercepting telephone traffic.
Advisory which details all the found problems can be found here:
Simultaneously Cisco released "Cisco Security Advisory: Multiple Vulnerabilities in Cisco IP Telephones" which deals with patches and workarounds for this problem. It can be found over here: