[VOIPSEC] Cisco Security advisory

Hank Nussbacher hank at efes.iucc.ac.il
Wed Nov 16 23:20:51 CST 2005


Looks like no need to become overly clever to do damage to a VOIP system :-)

>Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco
>7920 Wireless IP Phone
>
>Document ID: 68179
>
>Advisory ID: cisco-sa-20051116-7920
>
>http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
>
>Revision 1.0
>
>For Public Release 2005 November 16 1600 UTC (GMT)
>
>---------------------------------------------------------------------------
>
>Contents
>========
>
>     Summary
>     Affected Products
>     Details
>     Impact
>     Software Versions and Fixes
>     Workarounds
>     Obtaining Fixed Software
>     Exploitation and Public Announcements
>     Status of This Notice: FINAL
>     Distribution
>     Revision History
>     Cisco Security Procedures
>
>---------------------------------------------------------------------------
>
>Summary
>=======
>
>The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE
>802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This
>product contains two vulnerabilities:
>
>The first vulnerability is an SNMP service with fixed community strings that
>allow remote users to read, write, and erase the configuration of an affected
>device.
>
>The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185
>that may allow an unauthenticated remote user to access debugging information
>or cause a denial of service.
>
>Cisco has made free software available to address these vulnerabilities for
>affected customers. There are workarounds available to mitigate the effects of
>the vulnerability.
>
>This advisory is posted at
>http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml.
>
>Affected Products
>=================
>
>Vulnerable Products
>+------------------
>
>   * Cisco 7920 Wireless IP Phone, firmware version 2.0 and earlier

...more at the link above...

-Hank




