Title: Cisco VoIP Phone Default Administrative Password Vulnerability
Severity: HIGH
Description:
The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems.
A flaw in the phones' default administrative password could allow a user with physical access to a phone to change its configuration.
Cisco VoIP 7900 series phones ship with a default administrative password. The firmware sets a hard-coded password of asterisk-asterisk-pound (*-*-#) that gives a user access to the phone configuration parameters in the firmware. Using this password, a user with physical access to the phone may be able to change configuration information on the phone.
This could allow a user to perform malicious activity, such as loading trojaned firmware or changing the call manager system IP address.
Affected Products:
- Cisco VoIP Phone CP-7910 3.0.0
- Cisco VoIP Phone CP-7910 3.1.0
- Cisco VoIP Phone CP-7910 3.2.0
- Cisco VoIP Phone CP-7940 3.0.0
- Cisco VoIP Phone CP-7940 3.1.0
- Cisco VoIP Phone CP-7940 3.2.0
- Cisco VoIP Phone CP-7960 3.0.0
- Cisco VoIP Phone CP-7960 3.1.0
- Cisco VoIP Phone CP-7960 3.2.0