SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones
Vendors:   Cisco
Cisco Unified IP Phone Extension Mobility Feature Lets Remote Authenticated Users Eavesdrop
SecurityTracker Alert ID:  1019006
SecurityTracker URL:  http://securitytracker.com/id/1019006
CVE Reference:   CVE-2007-6190   (Links to External Site)
Updated:  Dec 7 2007
Original Entry Date:  Nov 28 2007
Impact:   Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   A vulnerability was reported in Cisco Unified IP Phone. A remote user can eavesdrop on arbitrary phones in certain cases.

A remote user with valid Extension Mobility authentication credentials can cause a target phone that is configured to use Extension Mobility to transmit or receive an audio stream.

The internal web server of the target phone must be enabled (the default configuration).

The remote user must first obtain Extension Mobility authentication credentials by monitoring the network between a phone and the switch port during login, as the credentials are sent without encryption.

Phones that are being remotely monitored will have the speaker phone status light on and will display the off-hook icon.

Joffrey Czarny of Telindus reported this vulnerability at HACK.LU 2007.

The original advisory is available at:

http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf

Impact:   A remote user with certain authentication credentials can eavesdrop on arbitrary phones.
Solution:   No solution was available at the time of this entry.

Cisco has described a workaround in their advisory.

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 28 Nov 2007 14:36:47 -0500
Subject:  Cisco Security Response: Cisco Unified IP Phone Remote Eavesdropping


http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml


 
 



Copyright 2014, SecurityGlobal.net LLC