<div dir="ltr">Lelio sent this out a week or two ago. <a href="http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable">http://m.spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable</a> Check out the video.<div>
<br></div><div style>We are a closed facility, so the attacker would have to either be inside, or take a phone off the wall in a reception area AND have SSH access.</div><div style><br></div><div style>I talked to my SE and he said: </div>
<div style><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black">Workaround = Restrict
SSH and CLI access to trusted users only. Administrators may consider
leveraging 802.1x device authentication to prevent unauthorized devices or
systems from accessing the voice network.</span><br></div><div style><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black"><br></span></div><div style><p class=""><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black">Ang accomplished this by first gaining access to the device via
SSH and utilizing TFTP to pull down a malicious binary that is designed to
exploit the insufficient validation issue of the affected System Calls. He ran
this from the user context on the device which performed the exploit. The
caveats of this particular issue are that an attacker would need to have Authenticated
Access either via SSH (Which would need to be enabled, it is not enabled by
default), or local access via the Serial port. The attacker would also need to
be able to point the device at an attacker-controlled TFTP server to retrieve
the payload.</span></p><p class="" style><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black">YMMV</span></p><p class="" style><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black">Scott</span></p>
<p class=""><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black"> </span><span id="line-43"></span></p>
<span id="line-44"></span><span id="line-45"></span></div><div style><span style="font-size:10.5pt;font-family:Calibri,sans-serif;color:black"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Fri, Jan 4, 2013 at 6:35 AM, Robert Kulagowski <span dir="ltr"><<a href="mailto:rkulagow@gmail.com" target="_blank">rkulagow@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Since no one who knows anything for real is probably going to say<br>
anything for now, are there any mitigating factors that I can start<br>
thinking about once management sees the following article?<br>
<br>
<a href="http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite" target="_blank">http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite</a><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div><br></div>