Vulnerability in Cisco IP Phones Allows Attackers to Remotely Eavesdrop on Audio Streams

  • 23 March 2015
  • 1 reply
  • 1 view

Userlevel 7
Badge +54
23rd March 2015 By David Bisson
 
A vulnerability in Cisco IP phones could allow unauthenticated attackers to remotely listen in on the phones’ audio streams.
According to an advisory Cisco published on its website, the vulnerability (CVE-2015-0670) results from improper authentication in the default configuration of certain Cisco IP phones.
“An attacker could exploit this vulnerability by sending a crafted XML request to the affected device,” the advisory explains. “An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”
Cisco has revealed that version 7.5.5 of the software that powers its Small Business SPA 300 and 500 series IP phones is vulnerable, though other versions might also be affected.
 
Full Article

1 reply

Userlevel 7
23 Mar 2015 at 08:04, Darren Pauli
 
Creeps can listen in to conversations placed over vulnerable Cisco small business phones.
Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones.
 Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations.
"An unauthenticated, remote attacker could exploit this vulnerability to listen to a remote audio stream from an affected device or to gain access to make phone calls remotely," it says in an advisory.
"A successful exploit could be used to conduct further attacks.
"The vulnerability is due to improper authentication settings in the default configuration of the affected software."
Attackers could potentially find exposed phones using the popular Shodan search engine, placing emphasis on the need for a system administrators to lock down devices.
Cisco doesn't have a patch for the problem, but says admins should enable XML execution authentication and allow only trusted users to have network access. Other IP-based access control lists could help too, Cisco says.
 
full article

Reply