TELECOM Digest OnLine - Sorted: Cisco IP Phones Have a Huge Security Risk


Cisco IP Phones Have a Huge Security Risk


Cisco Security Department (cisco@telecom-digest.org)
Thu, 22 Feb 2007 19:43:53 -0600

Cisco IP Phones Default Account Grants Remote Access and Subsequent
Privilege Escalation

SecurityTracker Alert ID: 1017681
SecurityTracker URL: http://securitytracker.com/id?1017681
CVE Reference: CVE-2007-1063
Updated: Feb 22 2007

Original Entry Date: Feb 21 2007

Impact: Root access via local system, User access via network

Fix Available: Yes
Vendor Confirmed: Yes

Advisory: Cisco Security Advisory

Version(s): 8.0(4)SR1 and prior; models 7906G, 7911G, 7941G, 7961G,
7970G, and 7971G

Description: A vulnerability was reported in Cisco IP Phones. A remote
user can access a default account on the target device. The user can
then obtain elevated privileges on the target device.

A remote user can connect to the target device over SSH and log in with
a hard-coded default user account and password. Once logged in, the
user can invoke commands to elevate privileges and gain full
administrative (root) access to the phone.

The default user account cannot be disabled or removed, and its
password cannot be changed. The SSH server cannot be disabled.

The following models are affected:

7906G, 7911G, 7941G, 7961G, 7970G, and 7971G

The following models are not affected:

7902G, 7905, 7905G, 7910, 7912, 7912G, 7920, 7921G, 7940, 7960, and 7985.

Cisco has assigned Cisco Bug ID CSCsg34758 to the remote access
vulnerability and Cisco Bug IDs CSCsg34789 and CSCsg42627 to the
privilege escalation vulnerability.

Cisco discovered these vulnerabilities.

Impact: A remote user can gain access to the target device and then
gain elevated privileges on the target device.

Solution: The vendor has issued fixed firmware (8.0(4)SR2 and 8.2(1)),
available at:

http://www.cisco.com/cgi-bin/tablebuild.pl/ip-7900ser

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

Cause: Access control error

Reported By: Cisco Systems Product Security Incident Response Team
<psirt@cisco.com>

Message History: None.
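The practical question the alert leaves open is which phones in a given
deployment actually need the fixed loads. The script below is an added
example, not part of the SecurityTracker alert, the Cisco advisory or any
Cisco tool: it encodes the affected and not-affected model lists and the
fixed releases (8.0(4)SR2, 8.2(1)) exactly as the alert states them,
parses firmware versions in the form the alert quotes, and classifies each
row of an inventory. The version-string grammar, the function names and
the sample inventory rows are assumptions made for this example; anything
the alert does not settle (an unlisted model, or a release newer than
8.0(4)SR1 that is not one of the named fixed releases) is flagged for
manual review rather than guessed at.

```python
"""Inventory triage against cisco-sa-20070221-phone / CVE-2007-1063.

Added example; not from the advisory or from Cisco. The model lists and
the fixed releases come from the advisory text; the version grammar,
function names and sample inventory rows are assumptions for this example.
"""
import re

AFFECTED_MODELS = {"7906G", "7911G", "7941G", "7961G", "7970G", "7971G"}
NOT_AFFECTED_MODELS = {"7902G", "7905", "7905G", "7910", "7912", "7912G",
                       "7920", "7921G", "7940", "7960", "7985"}

# Assumed grammar for the versions the advisory quotes: MAJOR.MINOR(MAINT)[SRn]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$")


def parse_version(text):
    """'8.0(4)SR1' -> (8, 0, 4, 1). A release without an SR suffix gets SR 0,
    so 8.0(4) sorts before 8.0(4)SR1, which sorts before 8.0(4)SR2."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint), int(sr or 0))


LAST_VULNERABLE = parse_version("8.0(4)SR1")   # "8.0(4)SR1 and prior"
FIXED_8_0 = parse_version("8.0(4)SR2")         # fixed release, 8.0 train
FIXED_8_2 = parse_version("8.2(1)")            # fixed release, 8.2 train


def assess(model, version):
    """Classify one phone: 'not affected', 'vulnerable', 'fixed' or 'review'.

    'review' is returned for a model the advisory does not list, and for a
    release newer than 8.0(4)SR1 that is not one of the named fixed releases
    (for example an 8.1 train); those must be checked by hand.
    """
    if model in NOT_AFFECTED_MODELS:
        return "not affected"
    if model not in AFFECTED_MODELS:
        return "review"
    v = parse_version(version)
    if v <= LAST_VULNERABLE:
        return "vulnerable"
    if (v[:2] == FIXED_8_0[:2] and v >= FIXED_8_0) or v >= FIXED_8_2:
        return "fixed"
    return "review"


def triage(inventory_csv):
    """Parse 'device,model,firmware' rows and return {device: status}."""
    results = {}
    for line in inventory_csv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device, model, firmware = (f.strip() for f in line.split(","))
        results[device] = assess(model, firmware)
    return results


# Constructed sample inventory: device names and versions are made up.
SAMPLE_INVENTORY = """\
# device,model,firmware
SEP000000000001,7961G,8.0(4)SR1
SEP000000000002,7941G,8.0(4)SR2
SEP000000000003,7970G,7.2(3)
SEP000000000004,7960,7.2(3)
SEP000000000005,7971G,8.2(1)
SEP000000000006,7911G,8.1(1)
"""

if __name__ == "__main__":
    for device, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{device}\t{status}")
```

The comparison treats an SR suffix as ordinal within a maintenance
release and never promotes a train the advisory does not name to "fixed";
since the account and the SSH server cannot be disabled on affected
phones, a "vulnerable" row has no workaround other than loading the fixed
firmware.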

Path: telecom-digest.org!ptownson
Date: Thu, 22 Feb 2007 11:00:00 EST
From: communicationsdirect_daily <communicationsdirect@communicationsdirect>
Newsgroups: comp.dcom.telecom
Subject: CommunicationsDirect News Daily Update
Reply-To: communicationsdirect_daily-owner@communicationsdirectnews.com
Message-ID: <telecom26.55.4@telecom-digest.org>
Organization: TELECOM Digest
Sender: editor@telecom-digest.org
X-URL: http://telecom-digest.org/
X-Submissions-To: editor@telecom-digest.org
X-Administrivia-To: telecom-request@telecom-digest.org
X-Telecom-Digest: Volume 26, Issue 55, Message 4 of 9
Lines: 108

********************************
PricewaterhouseCoopers Presents
The CommunicationsDirect Daily Update
For February 22, 2007
********************************

This week's poll: What is most important to you when choosing a mobile
communications service provider? Visit our web site to vote.

Under the Spotlight: Orascom CEO Adds TIM Hellas to Burgeoning
Mediterranean Empire
http://communicationsdirectnews.com/do.php/120/22865?11228

Private equity players Apax and Texas Pacific Group (TPG) have
finally sold off the Greek mobile operator, TIM Hellas, and its
mobile operator subsidiary, Q-Telecom, for 3.4 billion euro
(US$4.4 billion), netting themselves a tidy 1.7-billion-euro
profit after just 20 months in the business. The sale price,
which includes a ...

TransTelecom and NTT Agree to Deal for International Fibre-Optic Cable
Deployment
http://communicationsdirectnews.com/do.php/140/22864?11228

NTT Comm, the long-distance and international arm of Japanese
telco NTT, and Russian long-distance backbone operator
TransTelecom are close to agreeing to a deal on the laying of an
international fibre-optic cable line, according to press
reports. The cable would link the island of Sakhalin, in the far
east of Russia, with the northern...

Patents Wars: AT&T vs. Microsoft vs. Alcatel; Vonage vs. Verizon
http://communicationsdirectnews.com/do.php/130/22861?11228

The next few days will be busy regarding patents, with a number
of issues coming up for court judgements. The case with the most
far-reaching international ramifications involves AT&T and
Microsoft, which questions the ability of U.S. federal courts to
award damages for patent infringement that occurs overseas -- in
this case, the use ...

Coming Soon: A Fixed-Mobile Convergence Spike
http://communicationsdirectnews.com/do.php/150/22859?11228

In an era of dramatic changes to telephone services, one of the
hottest new market phenomena is fixed-mobile convergence. ABI
Research has found that, by 2011, some 250 million users will be
making and receiving phone calls over converged fixed-mobile
networks and access points, and the firm expects capital
expenditure in ...

Cisco's Charmed by Cable VOIP Growth
http://communicationsdirectnews.com/do.php/120/22855?11228

Cable MSOs such as Comcast Corp. and Time Warner Cable Inc. are
showing big growth in VOIP, and Cisco Systems Inc. is
laughing all the way to the bank. Cisco's VOIP equipment
business grabbed market share leadership from Nortel Networks
Ltd. in the fourth quarter, according to new research from
market analysts ...

BlackBerry Convergence
http://communicationsdirectnews.com/do.php/150/22852?11228

Research In Motion Ltd. (RIM; Toronto: RIM) was one of the stars
of the show at last week's 3GSM World Congress in Barcelona. Some
news of the vendor's technology updates, however, got lost in the
information cavalcade, but could prove to be crucial in the
long-term. The BlackBerry was on the rise at the show. The
Canadian ...

Alltel for Sale?
http://communicationsdirectnews.com/do.php/120/22848?11228

During yesterday's earnings conference call, Alltel
representatives said the company was reviewing strategic options,
which sparked conjecture that the operator is shopping for
potential suitors. With its strong presence in the U.S. rural
market, it could be a big win for the right provider looking to
grow its subscriber ...

Cisco Reacts to Reactivity
http://communicationsdirectnews.com/do.php/150/22846?11228

Cisco Systems Inc. is continuing its push into applications
territory, announcing today a bid to acquire Reactivity Inc., a
vendor of XML-processing appliances. The $135 million cash deal
is expected to close by the end of April. Reactivity's 56
employees would be folded into Cisco's Datacenter Switching and
Security ...

Non-Proprietary I/O Making Gains In Several Markets
http://communicationsdirectnews.com/do.php/140/22842?11228

SCOTTSDALE, Ariz. -- Non-proprietary I/O is having an increased
presence within the central processing, printed circuit board,
and IP communities, reports In-Stat. HyperTransport, PCI Express,
and Serial RapidIO have all announced major revisions to their
existing standards, the high-tech market research firm says. All
three ...

Your feedback on our e-letter is always welcome. Send email to:
CommunicationsDirect Editor <telecom_direct_editor@us.pwc.com>

Copyright (C) 2007 PricewaterhouseCoopers.
