Friday, 23 February 2007
Cisco IP Phone Flaws Discovered |
| |
|
| |
Cisco has warned that fraudsters can get around security restrictions and compromise certain Cisco IP phones. The first problem is with the Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G and 7971G devices.
"This default user account may be leveraged to gain administrative access to a vulnerable phone via a privilege escalation vulnerability," Cisco warned. "The default user account may also execute commands causing a phone to become unstable and result in a denial of service."
Cisco says onecan access the Unified IP Conference Station administrative HTTP interface without authentication. "This vulnerability can be exploited remotely with no authentication and no user interaction," Cisco said. "If exploited, the attacker may alter the device configuration or create a denial of service." In a default configuration the attack vector is through TCP port 80, Cisco added.
Cisco has rolled out free patch software to address the flaws.
|
| |
|
|
| |
|
|
| |
|
|
| |
|
