J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities

Severity: CRITICAL

Description:

Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include:

- An unauthorized-access vulnerability in Cisco Unified IP Phones. Specifically, the device contains a default user account and password used for debugging purposes. This account cannot be removed, disabled, or modified. The default account can be accessed through the Command Line interface (CLI) through an SSH server. An attacker could exploit this issue to gain unauthorized access to the affected device. This issue is being monitored by Cisco Bug ID CSCsg34758.

- A privilege-escalation vulnerability in Cisco Unified IP Phones. Specifically, an attacker can use the default user account to gain access to the Command Line Interface (CLI) described above to execute arbitrary commands that may allow the attacker to gain elevated privileges. Exploiting this issue will result in the complete compromise of affected IP Phones or cause the devices to become unstable, denying service to legitimate users. This issue is being monitored by Cisco Bug IDs CSCsg34789 and CSCsg42627.

- An administrative-bypass vulnerability in Cisco Unified IP Conference Station. Specifically, this issue occurs because the affected devices maintain the state of an administrator's login session. When an administrator logs out, the administrator's credentials will be cached. This may allow an attacker to gain administrative access without authentication when a URL is accessed directly through the HTTP interface. This issue is being monitored by Cisco Bug ID CSC26788

An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users.

Affected Products:

  • Cisco Unified IP Conference Station 3.2(15)
  • Cisco Unified IP Conference Station 3.3(12)
  • Cisco Unified IP Conference Station 7935
  • Cisco Unified IP Conference Station 7936
  • Cisco Unified IP Phone 7906G
  • Cisco Unified IP Phone 7911G
  • Cisco Unified IP Phone 7941G
  • Cisco Unified IP Phone 7961G
  • Cisco Unified IP Phone 7970G
  • Cisco Unified IP Phone 8.0(4)SR1

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.