Nick's link seems like an internal site. I don't see anything on the public psirt page. <div><br></div><div><a href="http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory">http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory</a></div>
<div><br><br><br><div class="gmail_quote">On Fri, Jan 4, 2013 at 2:11 PM, Ed Leatherman <span dir="ltr"><<a href="mailto:ealeatherman@gmail.com" target="_blank">ealeatherman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I completely missed the video at the top of the IEEE article the first time i read it.. i think my brain saw it as an advertisement and just ignored it.<div><br></div><div>The researchers full presentation is here also:</div>
<div><a href="http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be" target="_blank">http://www.youtube.com/watch?v=f3zUOZcewtA&feature=youtu.be</a><br></div></div><div class="gmail_extra"><div><div class="h5">
<br><br><div class="gmail_quote">
On Fri, Jan 4, 2013 at 10:02 AM, Scott Voll <span dir="ltr"><<a href="mailto:svoll.voip@gmail.com" target="_blank">svoll.voip@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Lelio sent this out a week or two ago. <a href="http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable" target="_blank">http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable</a> Check out the video.<div>
<br></div><div>We are a closed facility, so the attacker would have to either be inside, or take a phone off the wall in a reception area AND have SSH access.</div><div><br></div><div>I talked to my SE and he said: </div>
<div><span style="font-size:10.5pt;font-family:Calibri,sans-serif">Workaround = Restrict
SSH and CLI access to trusted users only. Administrators may consider
leveraging 802.1x device authentication to prevent unauthorized devices or
systems from accessing the voice network.</span><br></div><div><span style="font-size:10.5pt;font-family:Calibri,sans-serif"><br></span></div><div><p><span style="font-size:10.5pt;font-family:Calibri,sans-serif">Ang accomplished this by first gaining access to the device via
SSH and utilizing TFTP to pull down a malicious binary that is designed to
exploit the insufficient validation issue of the affected System Calls. He ran
this from the user context on the device which performed the exploit. The
caveats of this particular issue are that an attacker would need to have Authenticated
Access either via SSH (Which would need to be enabled, it is not enabled by
default), or local access via the Serial port. The attacker would also need to
be able to point the device at an attacker-controlled TFTP server to retrieve
the payload.</span></p><p><span style="font-size:10.5pt;font-family:Calibri,sans-serif">YMMV</span></p><span><font color="#888888"><p><span style="font-size:10.5pt;font-family:Calibri,sans-serif">Scott</span></p>
<p><span style="font-size:10.5pt;font-family:Calibri,sans-serif"> </span><span></span></p>
<span></span><span></span></font></span></div><div><span style="font-size:10.5pt;font-family:Calibri,sans-serif"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div>
On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <span dir="ltr"><<a href="mailto:rkulagow@gmail.com" target="_blank">rkulagow@gmail.com</a>></span> wrote:<br></div><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Since no one who knows anything for real is probably going to say<br>
anything for now, are there any mitigating factors that I can start<br>
thinking about once management sees the following article?<br>
<br>
<a href="http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite" target="_blank">http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite</a><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div></div></div><br></div>
<br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br>Ed Leatherman<br>
</font></span></div>
<br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>