This is the Cisco PSIRT response to the statements made by Dave Endler and Mark Collier in their presentation, 'Hacking Voice over IP (VoIP) Exposed' at BlackHat USA 2006.
We would like to thank Dave Endler for reporting this issue to us.
We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports.
This issue is currently being tracked by Cisco bug ID CSCse92417 (registered customers only) for IOS CallManager Express (CME).
Cisco CallManager has been tested and is not vulnerable to this attack.