thn | Swati Khandelwal | THN:2B0B29C3804CE51130D1C2CB99005D6E
Mar 23, 2015 - 6:18 a.m.

Cisco IP Phones Vulnerable To Remote Eavesdropping

2015-03-23 06:18:00
Swati Khandelwal
thehackernews.com
EPSS: 0.003 (Low), percentile 71.7%

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker remotely eavesdrop on private conversations and make phone calls from vulnerable devices, Cisco warned.

LISTEN AND MAKE PHONE CALLS REMOTELY

The vulnerability (CVE-2015-0670) resides in the default configuration of certain Cisco IP phones and is due to “improper authentication”, which allows hackers to remotely eavesdrop on the affected devices by sending a specially crafted XML request.

Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity.

AFFECTED DEVICES

The vulnerability affects Cisco’s small business _SPA300_ and _SPA500_ Internet Protocol (IP) phones running firmware version 7.5.5; however, Cisco alerts that later versions of these devices may also be affected by the flaw.

It’s likely that some phones have been configured to be accessible from the Internet, so it would be very easy for hackers to locate the vulnerable devices that run on vulnerable software versions by using the popular Shodan search engine.

> “To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device,” the Cisco advisory says. “This access requirement may reduce the likelihood of a successful exploit.”

Cisco has confirmed the issue, which was discovered and reported by Chris Watts, a researcher at Tech Analysis in Australia, along with two other flaws – an XSS vulnerability (CVE-2014-3313) and a local code execution vulnerability (CVE-2014-3312).

VULNERABILITY UNPATCHED, YET SOME RECOMMENDATIONS

The company hasn’t patched the problem yet and is working on a new version of the firmware to fix the issue, although the company offers some recommendations in order to mitigate the risk:

  • Administrators are advised to enable XML execution authentication in the configuration setting of the affected device.
  • Administrators are advised to allow network access only to trusted users.
  • Administrators are advised to use solid firewall strategies to help protect the affected systems from external attacks.
  • Administrators may also use IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to closely monitor the vulnerable devices.
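
One way to apply these recommendations across a phone inventory, as an added example (not code from Cisco or the original article): it triages each device by series and firmware, then lists the mitigations still missing. The CSV column names, sample rows and model-name pattern are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample inventory; column names are hypothetical, not Cisco's.
SAMPLE_INVENTORY = """host,model,firmware,xml_exec_auth,acl_restricted,internet_reachable
phone-01,SPA504G,7.5.5,no,no,yes
phone-02,SPA303,7.5.5,yes,yes,no
phone-03,SPA512G,7.5.6,no,yes,no
phone-04,SPA112,1.3.5,no,no,no
"""

# Assumption: SPA300/SPA500 series models are named SPA3xx / SPA5xx (three digits).
SERIES_RE = re.compile(r"^SPA[35]\d{2}(?!\d)")
CONFIRMED_FIRMWARE = (7, 5, 5)  # version named in the article

def parse_version(text):
    """Turn '7.5.5' into (7, 5, 5) for ordered comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def triage(row):
    """Return (status, missing_mitigations) for one inventory row."""
    if not SERIES_RE.match(row["model"].upper()):
        return ("not in scope", [])
    fw = parse_version(row["firmware"])
    if fw == CONFIRMED_FIRMWARE:
        status = "confirmed affected"
    elif fw > CONFIRMED_FIRMWARE:
        status = "possibly affected"  # later versions may also be affected
    else:
        status = "not covered by advisory text"
    missing = []
    if row["xml_exec_auth"] != "yes":
        missing.append("enable XML execution authentication")
    if row["acl_restricted"] != "yes":
        missing.append("restrict access with IP-based ACLs")
    if row["internet_reachable"] == "yes":
        missing.append("remove Internet exposure at the firewall")
    return (status, missing)

def audit(csv_text):
    """Map each host in the CSV text to its triage result."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, (status, missing) in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}; to do: {', '.join(missing) or 'none'}")
```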
