<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body style="font-family: serif; font-size: 13px;" text="#000000"
    bgcolor="#FFFFFF">
    <div id="QCMcontainer" style="font-family:serif;font-size:13px;">PSIRT
      will be including all updated information related to this on the
      defect, CSCuc83860. <br>
      <div class="moz-cite-prefix"><br>
        <pre class="moz-signature" cols="72">Adam 
</pre>
        <hr tabindex="0"><font style="font-size:x-small" face="Tahoma"><!--@A@--><b>From:</b>
          Ed Leatherman <a class="moz-txt-link-rfc2396E" href="mailto:ealeatherman@gmail.com">&lt;ealeatherman@gmail.com&gt;</a><!--@A@--><br>
          <!--@D@--><b>Sent:</b> Fri, Jan 04, 2013 2:11:24 PM<!--@D@--><br>
          <!--@R@--><b>To:</b> Scott Voll <a class="moz-txt-link-rfc2396E" href="mailto:svoll.voip@gmail.com">&lt;svoll.voip@gmail.com&gt;</a><!--@R@--><br>
          <!--@C@--><b>CC:</b> Cisco VOIP
          <a class="moz-txt-link-rfc2396E" href="mailto:cisco-voip@puck.nether.net">&lt;cisco-voip@puck.nether.net&gt;</a><!--@C@--><br>
          <!--@S@--><b>Subject:</b> Re: [cisco-voip] Cisco phones
          vulnerable to hack / remote access?<!--@S@--><br>
        </font><br>
      </div>
      <blockquote style="border: medium none ! important; padding-left:
        0px ! important; padding-right: 0px ! important; margin-left:
        0px ! important; margin-right: 0px ! important; font-size:
        medium;"
cite="mid:CAFC4dsp8XVUYSmiTG5FQAv=DtR7p5YYuyhROhy2S41Or8F+7-Q@mail.gmail.com"
        type="cite">
        <div dir="ltr">I completely missed the video at the top of the
          IEEE article the first time I read it. I think my brain saw
          it as an advertisement and just ignored it.
          <div><br>
          </div>
          <div style="">The researchers' full presentation is here also:</div>
          <div style=""><a moz-do-not-send="true"
              href="http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be">http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be</a><br>
          </div>
        </div>
        <div class="gmail_extra"><br>
          <br>
          <div class="gmail_quote">
            On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <span dir="ltr">&lt;<a
                moz-do-not-send="true"
                href="mailto:svoll.voip@gmail.com" target="_blank">svoll.voip@gmail.com</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="ltr">Lelio sent this out a week or two ago.  <a
                  moz-do-not-send="true"
href="http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable"
                  target="_blank">http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable</a>
                 Check out the video.
                <div>
                  <br>
                </div>
                <div>We are a closed facility, so the attacker would
                  have to either be inside, or take a phone off the wall
                  in a reception area AND have SSH access.</div>
                <div><br>
                </div>
                <div>I talked to my SE and he said: </div>
                <div><span
                    style="font-size:10.5pt;font-family:Calibri,sans-serif">Workaround
                    = Restrict
                    SSH and CLI access to trusted users only.
                    Administrators may consider
                    leveraging 802.1x device authentication to prevent
                    unauthorized devices or
                    systems from accessing the voice network.</span><br>
                </div>
                <div><span
                    style="font-size:10.5pt;font-family:Calibri,sans-serif"><br>
                  </span></div>
                <div>
                  <p><span
                      style="font-size:10.5pt;font-family:Calibri,sans-serif">Ang
                      accomplished this by first gaining access to the
                      device via
                      SSH and utilizing TFTP to pull down a malicious
                      binary that is designed to
                      exploit the insufficient validation issue of the
                      affected System Calls. He ran
                      this from the user context on the device which
                      performed the exploit. The
                      caveats of this particular issue are that an
                      attacker would need to have Authenticated
                      Access either via SSH (which would need to be
                      enabled; it is not enabled by
                      default), or local access via the Serial port. The
                      attacker would also need to
                      be able to point the device at an
                      attacker-controlled TFTP server to retrieve
                      the payload.</span></p>
                  <p><span
                      style="font-size:10.5pt;font-family:Calibri,sans-serif">YMMV</span></p>
                  <span class="HOEnZb"><font color="#888888">
                      <p><span
                          style="font-size:10.5pt;font-family:Calibri,sans-serif">Scott</span></p>
                      <p><span
                          style="font-size:10.5pt;font-family:Calibri,sans-serif"> </span><span></span></p>
                      <span></span><span></span></font></span></div>
                <div><span
                    style="font-size:10.5pt;font-family:Calibri,sans-serif"><br>
                  </span></div>
              </div>
              <div class="gmail_extra"><br>
                <br>
                <div class="gmail_quote">
                  <div class="im">
                    On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <span
                      dir="ltr">&lt;<a moz-do-not-send="true"
                        href="mailto:rkulagow@gmail.com" target="_blank">rkulagow@gmail.com</a>&gt;</span>
                    wrote:<br>
                  </div>
                  <div>
                    <div class="h5">
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">
                        Since no one who knows anything for real is
                        probably going to say<br>
                        anything for now, are there any mitigating
                        factors that I can start<br>
                        thinking about once management sees the
                        following article?<br>
                        <br>
                        <a moz-do-not-send="true"
href="http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite"
                          target="_blank">http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite</a><br>
                        _______________________________________________<br>
                        cisco-voip mailing list<br>
                        <a moz-do-not-send="true"
                          href="mailto:cisco-voip@puck.nether.net"
                          target="_blank">cisco-voip@puck.nether.net</a><br>
                        <a moz-do-not-send="true"
                          href="https://puck.nether.net/mailman/listinfo/cisco-voip"
                          target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
                      </blockquote>
                    </div>
                  </div>
                </div>
                <br>
              </div>
              <br>
              <br>
            </blockquote>
          </div>
          <br>
          <br clear="all">
          <div><br>
          </div>
          -- <br>
          Ed Leatherman<br>
        </div>
        <br>
      </blockquote>
      <br>
    </div>
  </body>
</html>