Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones Vendors:   Cisco
Cisco Unified SIP Phone 3905 Undocumented Interface Lets Remote Users Gain Root Access
SecurityTracker Alert ID:  1029789
SecurityTracker URL:
CVE Reference:   CVE-2014-0721   (Links to External Site)
Date:  Feb 20 2014
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Cisco Unified SIP Phone 3905. A remote user can execute arbitrary code on the target system.

A remote user can connect to an undocumented test interface on TCP port 7870 to gain root access on the target device.

The vendor has assigned bug ID CSCuh75574 to this vulnerability.

Impact:   A remote user can gain root access on the target system.
Solution:   The vendor has issued a fix (Phone 3905 Firmware Release 9.4(1)).

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

Hash: SHA512

Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

Advisory ID: cisco-sa-20140219-phone

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)



A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.  This advisory is available at the following link:

Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

cust-security-announce mailing list
To unsubscribe, send the command "unsubscribe" in the subject of your message to

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC