Secunia Security Advisory - Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions.
02691c0bb9e0d351110b0a971e946cd28cca5fb808fff9f0a4ddbde4bf764674
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Cisco Unified IP Phone Extension Mobility Weakness
SECUNIA ADVISORY ID:
SA27829
VERIFY ADVISORY:
http://secunia.com/advisories/27829/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Cisco IP Phone 7900 Series
http://secunia.com/product/2809/
DESCRIPTION:
Joffrey Czarney has reported a weakness in Cisco Unified IP Phones,
which can be exploited by malicious people to bypass certain security
restrictions.
The problem is that the Extension Mobility authentication credentials
are not encrypted when communicating with the internal web server of
an IP phone. This can be exploited to sniff the authentication
credentials and perform various actions on a target IP phone (e.g.
remotely login/logout a user or eavesdrop on calls).
Successful exploitation requires that the Extension Mobility feature
is enabled (not enabled by default).
The weakness affects all Cisco IP Phones that support the Extension
Mobility feature.
SOLUTION:
The vendor has provided some workaround to mitigate this issue.
Please see the vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Joffrey Czarney, Telindus
ORIGINAL ADVISORY:
Cisco (100252):
http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------