[VOIPSEC] Cisco Security advisory
Christopher A. Martin
chris at InfraVAST.com
Fri Nov 18 18:24:16 CST 2005
Simple things like SIP-aware firewalls can prevent this from occurring by
implementing proper access control/encryption. Anyone who is directly
impacted probably placed this on a public segment (I have seen this many
times).
Chris
Hank Nussbacher wrote:
>Looks like no need to become overly clever to do damage to VOIP system :-)
>
>
>
>>Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone
>>
>>Document ID: 68179
>>
>>Advisory ID: cisco-sa-20051116-7920
>>
>>http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
>>
>>Revision 1.0
>>
>>For Public Release 2005 November 16 1600 UTC (GMT)
>>
>>- ---------------------------------------------------------------------------
>>
>>Contents
>>========
>>
>> Summary
>> Affected Products
>> Details
>> Impact
>> Software Versions and Fixes
>> Workarounds
>> Obtaining Fixed Software
>> Exploitation and Public Announcements
>> Status of This Notice: FINAL
>> Distribution
>> Revision History
>> Cisco Security Procedures
>>
>>- ---------------------------------------------------------------------------
>>
>>Summary
>>=======
>>
>>The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE
>>802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This
>>product contains two vulnerabilities:
>>
>>The first vulnerability is an SNMP service with fixed community strings that
>>allow remote users to read, write, and erase the configuration of an affected
>>device.
>>
>>The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185
>>that may allow an unauthenticated remote user to access debugging information
>>or cause a denial of service.
>>
>>Cisco has made free software available to address these vulnerabilities for
>>affected customers. There are workarounds available to mitigate the effects of
>>the vulnerability.
>>
>>This advisory is posted at
>>http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml.
>>
>>Affected Products
>>=================
>>
>>Vulnerable Products
>>+------------------
>>
>> * Cisco 7920 Wireless IP Phone, firmware version 2.0 and earlier
>>
>>
>
>...more at the link above...
>
>-Hank
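An added example, not part of the original post or the Cisco advisory: a check over firewall flow records that flags permitted traffic reaching the two UDP services the advisory names, as a way to verify the access control discussed above. The phone subnet, management host, record format and sample records are constructed assumptions; UDP 161 is the standard SNMP port and 17185 is the debugger port given in the advisory.

```python
import ipaddress

# Constructed assumptions: voice subnet and the one host allowed to poll SNMP.
PHONE_NET = ipaddress.ip_network("10.20.0.0/24")
MGMT_HOSTS = {ipaddress.ip_address("10.1.1.10")}
# UDP services from the advisory: SNMP (standard port 161), VxWorks debugger (17185).
WATCHED = {161: "SNMP", 17185: "VxWorks remote debugger"}

# Constructed sample records: "<time> <proto> <src:port> -> <dst:port> <action>".
SAMPLE_FLOWS = """\
2005-11-18T09:00:01 udp 10.1.1.10:40112 -> 10.20.0.15:161 permit
2005-11-18T09:00:07 udp 192.0.2.44:53011 -> 10.20.0.15:161 permit
2005-11-18T09:00:09 udp 192.0.2.44:53012 -> 10.20.0.15:17185 permit
2005-11-18T09:00:12 udp 10.20.0.15:20000 -> 10.20.0.1:5060 permit
2005-11-18T09:00:15 udp 198.51.100.7:4000 -> 10.20.0.22:17185 deny
2005-11-18T09:00:20 tcp 192.0.2.44:53013 -> 10.20.0.15:161 permit
garbage line
"""

def parse_flow(line):
    """Return (ts, proto, src_ip, dst_ip, dst_port, action), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "->":
        return None
    ts, proto, src, _, dst, action = parts
    try:
        src_ip, _src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return (ts, proto, ipaddress.ip_address(src_ip),
                ipaddress.ip_address(dst_ip), int(dst_port), action)
    except ValueError:
        return None

def exposed_flows(text):
    """List permitted flows to a watched UDP service on a phone from a disallowed source."""
    findings = []
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed records rather than abort the audit
        ts, proto, src, dst, dport, action = rec
        if proto != "udp" or dport not in WATCHED or dst not in PHONE_NET:
            continue
        # SNMP is acceptable only from management hosts; the debugger port from nobody.
        allowed = MGMT_HOSTS if dport == 161 else set()
        if action == "permit" and src not in allowed:
            findings.append((ts, str(src), str(dst), WATCHED[dport]))
    return findings
```

Running `exposed_flows(SAMPLE_FLOWS)` reports the two permitted flows from 192.0.2.44; an empty result on real firewall logs indicates the phones are not reachable on either service from outside the management path.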