Bugtraq mailing list archives
The Trivial Cisco IP Phones Compromise
From: "Ofir Arkin" <ofir () sys-security com>
Date: Thu, 19 Sep 2002 12:22:32 +0100
Dear all,

The referred paper lists several severe vulnerabilities with Cisco systems' SIP-based IP Phone 7960 and its supporting environment. These vulnerabilities lead to: complete control of a user's credentials; total subversion of a user's settings for the IP Telephony network, and the ability to subvert the entire IP Telephony environment.

Malicious access to a user's credentials could enable "Call Hijacking", "Registration Hijacking", "Call Tracking", and other voice related attacks.

The vulnerabilities exist with any deployment scenario, but this paper deals specifically with large scale deployments as recommended by Cisco.

A PDF version of the paper is available from:
http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_Compromise.pdf

A PDF Zipped version of the paper is available from:
http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_Compromise.zip

I would like to thank Josh Anderson for the help lent me during the development of the paper.

Yours,
Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA