Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones
Vendors:   Cisco
Cisco Unified SIP Phone 3905 Undocumented Interface Lets Remote Users Gain Root Access
SecurityTracker Alert ID:  1029789
SecurityTracker URL:  http://securitytracker.com/id/1029789
CVE Reference:   CVE-2014-0721
Date:  Feb 20 2014
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Cisco Unified SIP Phone 3905. A remote user can execute arbitrary code on the target system.

A remote user can connect to an undocumented test interface on TCP port 7870 to gain root access on the target device.

The vendor has assigned bug ID CSCuh75574 to this vulnerability.

Impact:   A remote user can gain root access on the target system.
Solution:   The vendor has issued a fix (Phone 3905 Firmware Release 9.4(1)).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone
Cause:   Access control error

Message History:   None.
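
Added example (not part of the SecurityTracker entry or Cisco's advisory): a defender-side triage that combines a phone firmware inventory with flow records to flag phones below the fixed release 9.4(1) and any TCP connections seen to port 7870. The inventory, the flow-record layout, the addresses and the status labels are constructed for illustration, and the code assumes releases numbered at or above 9.4(1) carry the fix.

```python
import re

VULN_PORT = 7870   # undocumented test interface port named in the advisory
FIXED = (9, 4, 1)  # Firmware Release 9.4(1); assumption: later releases keep the fix

# Constructed sample data in an assumed format (not vendor or collector output).
INVENTORY = {"10.20.0.11": "9.3(2)", "10.20.0.12": "9.4(1)",
             "10.20.0.13": "9.2(1)", "10.20.0.14": "unknown"}
FLOWS = """\
2014-02-21T09:14:02Z 10.20.0.5 10.20.0.11 TCP 5060
2014-02-21T09:14:07Z 10.9.8.7 10.20.0.11 TCP 7870
2014-02-21T09:15:40Z 10.9.8.7 10.20.0.12 TCP 7870
2014-02-21T09:16:01Z 10.20.0.5 10.20.0.13 UDP 7870
malformed line
"""

def parse_version(text):
    """Parse 'major.minor(maint)' such as 9.4(1); None if unrecognized."""
    m = re.match(r"(\d+)\.(\d+)\((\d+)\)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def is_fixed(text):
    v = parse_version(text)
    return v is not None and v >= FIXED  # unknown versions count as not fixed

def hits_on_test_port(flow_text):
    """Map destination IP -> set of sources seen connecting to TCP/7870."""
    hits = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip records that do not match the assumed layout
        _, src, dst, proto, port = parts
        if proto == "TCP" and int(port) == VULN_PORT:
            hits.setdefault(dst, set()).add(src)
    return hits

def triage(inventory, flow_text):  # -> {phone_ip: (status, sorted_sources)}
    hits, report = hits_on_test_port(flow_text), {}
    for ip, fw in inventory.items():
        sources = sorted(hits.get(ip, ()))
        exposed = "INVESTIGATE" if sources else "PATCH"
        status = ("REVIEW" if sources else "OK") if is_fixed(fw) else exposed
        report[ip] = (status, sources)
    return report

if __name__ == "__main__":
    for ip, (status, sources) in triage(INVENTORY, FLOWS).items():
        print(ip, status, ",".join(sources))
```

INVESTIGATE marks an unfixed phone that received a TCP/7870 connection, PATCH an unfixed phone with none observed, and REVIEW a fixed phone that was still probed on that port.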


 Source Message Contents

Subject:  Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

Advisory ID: cisco-sa-20140219-phone

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.  This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone
