ALERT Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability

hecatae

hecatae

resident hecatae
Joined
Feb 7, 2014
Messages
768
Reaction score
201
A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone.

The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.

Cisco has confirmed the vulnerability; however, software updates are not available.
Click to expand...

And the last line is the best, from here: http://tools.cisco.com/security/center/viewAlert.x?alertId=37946
 
You must log in or register to reply here.

Members online

Total: 88 (members: 1, guests: 87)

Latest Posts

Forum statistics

Threads
25,811
Messages
167,759
Members
19,240
Latest member
nikko
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Top