[cisco-voip] Cisco phones vulnerable to hack / remote access?

Chris Ward (chrward) chrward at cisco.com
Fri Jan 4 10:22:22 EST 2013


Also, this does NOT affect 7940s and 7960s as they don't run linux which is basis of the exploit.

+Chris
Unity Connection TME

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Scott Voll
Sent: Friday, January 04, 2013 10:03 AM
To: Robert Kulagowski
Cc: Cisco VOIP
Subject: Re: [cisco-voip] Cisco phones vulnerable to hack / remote access?

Lelio sent this out a week or two ago.  http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable  Check out the video.

We are a closed facility, so the attacker would have to either be inside, or take a phone off the wall in a reception area AND have SSH access.

I talked to my SE and he said:
Workaround = Restrict SSH and CLI access to trusted users only. Administrators may consider leveraging 802.1x device authentication to prevent unauthorized devices or systems from accessing the voice network.

Ang accomplished this by first gaining access to the device via SSH and utilizing TFTP to pull down a malicious binary that is designed to exploit the insufficient validation issue of the affected System Calls. He ran this from the user context on the device which performed the exploit. The caveats of this particular issue are that an attacker would need to have Authenticated Access either via SSH (Which would need to be enabled, it is not enabled by default), or local access via the Serial port. The attacker would also need to be able to point the device at an attacker-controlled TFTP server to retrieve the payload.
YMMV
Scott



On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <rkulagow at gmail.com<mailto:rkulagow at gmail.com>> wrote:
Since no one who knows anything for real is probably going to say
anything for now, are there any mitigating factors that I can start
thinking about once management sees the following article?

http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130104/83980435/attachment.html>


More information about the cisco-voip mailing list