[cisco-voip] Cisco 7900 series phone Nessus scan

[Jason Aarons (AM)]

Were you able to successfully inject the Referer per the nessus.org database article using nmap?  The list of affected devices didn’t list any Cisco products, but test anyway.
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf


I always worry about generic nessus scans.  You really have to know what your doing, and my experience is that the person doing a Nessus scan really isn’t a security guru and won’t fact check what Nessus reports.



From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of me at go0se.com
Sent: Wednesday, May 21, 2014 5:06 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Cisco 7900 series phone Nessus scan



When performing a Nessus scan on a 7970 Cisco phone running
SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the
following "medium" vulnerability:

RomPager HTTP Referer Header XSS

Description

The remote RomPager HTTP server is affected by a cross-site scripting
vulnerability. The server does not properly sanitize the referer
header value when generating a 404 error page.
Solution

Upgrade to RomPager 4.51 or later.
See Also

http://www.nessus.org/u?54798697

I also receive this same vulnerability when scanning a 7961 and a 9951
phone. I've done some googling and don't find anything relevant to
locking this down on a Cisco phone. Any suggestions?

Thanks,

Go0se

--------------------------------------

Help Hopegivers International

feed the orphans of Haiti and India

http://www.hopegivers.org

--------------------------------------



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip


itevomcid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140521/054cd1f5/attachment.html>