[cisco-voip] Cisco 7900 series phone Nessus scan

Brian Meade bmeade90 at vt.edu
Wed May 21 17:10:54 EDT 2014


You could just disable web access :)


On Wed, May 21, 2014 at 5:05 PM, <me at go0se.com> wrote:

> When performing a Nessus scan on a 7970 Cisco phone running
> SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the following
> "medium" vulnerability:
>
> RomPager HTTP Referer Header XSS
>
> Description
>
> The remote RomPager HTTP server is affected by a cross-site scripting
> vulnerability. The server does not properly sanitize the referer header
> value when generating a 404 error page.
>
> Solution
>
> Upgrade to RomPager 4.51 or later.
>
> See Also
>
> http://www.nessus.org/u?54798697
>
> I also receive this same vulnerability when scanning a 7961 and a 9951
> phone. I've done some googling and don't find anything relevant to locking
> this down on a Cisco phone. Any suggestions?
>
> Thanks,
>
> Go0se
>
> --------------------------------------
>
> Help Hopegivers International
>
> feed the orphans of Haiti and India
>
> http://www.hopegivers.org
>
> --------------------------------------
>
>
>
>
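The finding quoted above describes a 404 page that echoes the Referer header without sanitizing it. The following is an added example, not part of the thread and not RomPager or Cisco code: it puts that flawed pattern beside the escaped form and includes a check a tester can run against a response body. The template, function names and sample values are hypothetical.

```python
import html

# Constructed sample request values (not taken from a real scan).
SAMPLE_PATH = "/no-such-page"
SAMPLE_REFERER = 'http://example.invalid/"><script>alert(1)</script>'

# Hypothetical 404 template that echoes the path and the Referer header.
TEMPLATE = (
    "<html><body><h1>404 Not Found</h1>"
    "<p>The page {path} was not found.</p>"
    '<p><a href="{referer}">Return to previous page</a></p>'
    "</body></html>"
)


def render_404_unsafe(path, referer):
    """Flawed pattern: request-derived values are copied into HTML verbatim."""
    return TEMPLATE.format(path=path, referer=referer)


def render_404_safe(path, referer):
    """Hardened pattern: escape every request-derived value for HTML,
    quotes included, because the Referer lands inside an attribute."""
    return TEMPLATE.format(
        path=html.escape(path, quote=True),
        referer=html.escape(referer, quote=True),
    )


def reflects_raw(body, value):
    """True if a value containing HTML metacharacters appears unescaped
    in the response body, which is the condition the finding describes."""
    has_meta = any(c in value for c in "<>\"'&")
    return has_meta and value in body


if __name__ == "__main__":
    for render in (render_404_unsafe, render_404_safe):
        body = render(SAMPLE_PATH, SAMPLE_REFERER)
        print(render.__name__, "reflects raw Referer:",
              reflects_raw(body, SAMPLE_REFERER))
```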