Cisco Unified IP Phone Extension Mobility Feature Lets Remote Authenticated Users Eavesdrop
SecurityTracker Alert ID: 1019006
SecurityTracker URL: http://securitytracker.com/id?1019006
CVE Reference: CVE-2007-6190
Updated: Dec 7 2007
Original Entry Date: Nov 28 2007
Impact: Disclosure of user information
Exploit Included: Yes
Vendor Confirmed: Yes
Advisory: Cisco Security Advisory
Description: A vulnerability was reported in Cisco Unified IP Phone. A remote user can eavesdrop on arbitrary phones in certain cases.

A remote user with valid Extension Mobility authentication credentials can cause a target phone that is configured to use Extension Mobility to transmit or receive an audio stream. The internal web server of the target phone must be enabled (the default configuration).

The remote user must first obtain Extension Mobility authentication credentials by monitoring the network between a phone and the switch port during login, as the credentials are sent without encryption.

Phones that are being remotely monitored will have the speaker phone status light on and will display the off-hook icon.

Joffrey Czarny of Telindus reported this vulnerability at HACK.LU 2007.

The original advisory is available at:
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
Impact: A remote user with certain authentication credentials can eavesdrop on arbitrary phones.
Solution: No solution was available at the time of this entry.
Cisco has described a workaround in their advisory.
The Cisco advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml
Vendor URL: www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml
Cause: Access control error
Message History:
None.
Source Message Contents
Date: Wed, 28 Nov 2007 14:36:47 -0500
Subject: Cisco Security Response: Cisco Unified IP Phone Remote Eavesdropping
http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml