[NEWS] The Trivial Cisco IP Phones Compromise

From: support@securiteam.com
Date: 09/22/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sun, 22 Sep 2002 20:46:53 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  The Trivial Cisco IP Phones Compromise
------------------------------------------------------------------------

SUMMARY

The following paper lists several severe vulnerabilities in Cisco
Systems' SIP-based IP Phone 7960 and its supporting environment. These
vulnerabilities lead to complete control of a user's credentials, the
total subversion of a user's settings for the IP Telephony network, and
the ability to subvert the entire IP Telephony environment. Malicious
access to a user's credentials could enable "Call Hijacking",
"Registration Hijacking", "Call Tracking", and other voice-related
attacks. The vulnerabilities exist in any deployment scenario, but this
paper deals specifically with large-scale deployments as recommended by
Cisco.

DETAILS

Introduction:
The Cisco SIP-based IP Phone 7960 is vulnerable to a significant number of
severe security issues that enable a malicious attacker to completely
control a user's settings for the IP Telephony network. These security
problems include predictable configuration filenames, unauthenticated
access to the configuration files of the telephony equipment, and various
other issues.

Exploiting these vulnerabilities enables a malicious attacker to
completely control all operational aspects of the Cisco IP Phone 7960.
Complete control over the IP Phone allows an attacker to launch further
attacks against the IP Telephony infrastructure, such as "Call Hijacking"
or denial of service attacks. In some cases it appears that the design of
the Cisco IP Phone 7960 is to blame, rather than simply a flaw in the
implementation.

The vulnerabilities exist in any deployment scenario using Cisco
SIP-based IP Phones (7960) and their supporting environment. This paper
specifically examines the Cisco recommendations for large-scale
deployments, targeting the weak link in the chain of security: the
unauthenticated mechanisms for administering the IP Phones. This paper
enumerates these problems in the hope of educating and advising
implementers and users of IP Telephony equipment.

ADDITIONAL INFORMATION

The rest of the advisory can be accessed by going to:
 
http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_Compromise.pdf

The information has been provided by Ofir Arkin <ofir@sys-security.com>.
