[cisco-voip] Cisco phones vulnerable to hack / remote access?

Nick Matthews matthnick at gmail.com
Fri Jan 4 15:47:08 EST 2013


Apologies for that, thought it was a public PSIRT. Looks like these release
notes are about the same as what I was looking at:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc83860


On Fri, Jan 4, 2013 at 2:21 PM, Justin Steinberg <jsteinberg at gmail.com> wrote:

> Nick's link seems like an internal site. I don't see anything on the
> public psirt page.
>
>
> http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
>
>
>
> On Fri, Jan 4, 2013 at 2:11 PM, Ed Leatherman <ealeatherman at gmail.com> wrote:
>
>> I completely missed the video at the top of the IEEE article the first
>> time I read it.. I think my brain saw it as an advertisement and just
>> ignored it.
>>
>> The researchers' full presentation is here also:
>> http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be
>>
>>
>> On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <svoll.voip at gmail.com> wrote:
>>
>>> Lelio sent this out a week or two ago.
>>> http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable Check out the video.
>>>
>>> We are a closed facility, so the attacker would have to either be
>>> inside, or take a phone off the wall in a reception area AND have SSH
>>> access.
>>>
>>> I talked to my SE and he said:
>>> Workaround = Restrict SSH and CLI access to trusted users only.
>>> Administrators may consider leveraging 802.1x device authentication to
>>> prevent unauthorized devices or systems from accessing the voice network.
>>>
>>> Ang accomplished this by first gaining access to the device via SSH and
>>> utilizing TFTP to pull down a malicious binary that is designed to exploit
>>> the insufficient validation issue of the affected System Calls. He ran this
>>> from the user context on the device which performed the exploit. The
>>> caveats of this particular issue are that an attacker would need to have
>>> Authenticated Access either via SSH (Which would need to be enabled, it is
>>> not enabled by default), or local access via the Serial port. The attacker
>>> would also need to be able to point the device at an attacker-controlled
>>> TFTP server to retrieve the payload.
>>>
>>> YMMV
>>>
>>> Scott
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <rkulagow at gmail.com> wrote:
>>>
>>>> Since no one who knows anything for real is probably going to say
>>>> anything for now, are there any mitigating factors that I can start
>>>> thinking about once management sees the following article?
>>>>
>>>>
>>>> http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>
>>>
>>
>>
>> --
>> Ed Leatherman
>>
>