Title: Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
Severity: CRITICAL
Description:
Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include:
- An unauthorized-access vulnerability in Cisco Unified IP Phones. Specifically, the device contains a default user account and password used for debugging purposes. This account cannot be removed, disabled, or modified. The default account can be accessed through the Command Line Interface (CLI) via an SSH server. An attacker could exploit this issue to gain unauthorized access to the affected device. This issue is being monitored by Cisco Bug ID CSCsg34758.
- A privilege-escalation vulnerability in Cisco Unified IP Phones. Specifically, an attacker can use the default user account described above to access the Command Line Interface (CLI) and execute arbitrary commands that may allow the attacker to gain elevated privileges. Exploiting this issue will result in the complete compromise of affected IP Phones or cause the devices to become unstable, denying service to legitimate users. This issue is being monitored by Cisco Bug IDs CSCsg34789 and CSCsg42627.
- An administrative-bypass vulnerability in Cisco Unified IP Conference Station. Specifically, this issue occurs because the affected devices maintain the state of an administrator's login session. When an administrator logs out, the administrator's credentials remain cached. This may allow an attacker to gain administrative access without authentication when a URL is accessed directly through the HTTP interface. This issue is being monitored by Cisco Bug ID CSC26788.
An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users.
Affected Products:
- Cisco Unified IP Conference Station 3.2(15)
- Cisco Unified IP Conference Station 3.3(12)
- Cisco Unified IP Conference Station 7935
- Cisco Unified IP Conference Station 7936
- Cisco Unified IP Phone 7906G
- Cisco Unified IP Phone 7911G
- Cisco Unified IP Phone 7941G
- Cisco Unified IP Phone 7961G
- Cisco Unified IP Phone 7970G
- Cisco Unified IP Phone 8.0(4)SR1
References:
- Cisco: Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulner
- Cisco: Cisco Unified IP Conference Station Homepage
- Cisco: Cisco Unified IP Phone Homepage