PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

2 recommendations
[Equipment] Cisco SPA300 and SPA500 Unauthenticated Remote Dial Vulnerability

A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone.

The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.

»tools.cisco.com/security ··· Id=37946

Also:
»www.itworldcanada.com/ar ··· s/334974

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

said by »tools.cisco.com/security ··· Id=37946 :

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit.


toro
join:2006-01-27
Scarborough, ON

2 recommendations

Member

You would be surprised how many ATAs and IP phones are connected directly to the internet with a public IP address and no firewall. Many without an admin password set.

arpawocky
Premium Member
join:2014-04-13
Columbus, OH

arpawocky to Arne Bolen

said by »tools.cisco.com/security ··· Id=37946 :

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit.

Not that difficult to pull off with a DNS Rebinding attack, or even with a relatively simple CSRF attack, perhaps coupled with a targeted malicious email.

jlk440
join:2008-11-30
Romney, WV

1 recommendation

jlk440 to PX Eliezer1

Member

Fixed by firmware 7.5.7s released April 10, 2015.

»www.cisco.com/c/en/us/td ··· -7s.html