Details on the Cisco IP Phone security vulnerabilities
As my colleague Marguerite Reardon reports, Cisco is spreading the word about some security vulnerabilities in their Unified IP Conference Station and IP Phones. That's one of them up there: the Cisco 7940.
The Cisco Unified IP Conference Station and IP Phone devices contain the following vulnerabilities:
1. It may be possible to access the Unified IP Conference Station administrative HTTP interface without authentication. This vulnerability can be exploited remotely with no authentication and no user interaction. If exploited, the attacker may alter the device configuration or create a Denial of Service. In a default configuration the attack vector is through TCP port 80. The TCP port used by the HTTP interface is configurable and should be verified before any traffic filtering is added to the network. This vulnerability is not designated by a CVE ID.
2. Vulnerable Cisco Unified IP Phones contain a default username and password that may be accessed via SSH. This vulnerability can be exploited remotely with no user interaction. If exploited, the attacker may be able to modify the device configuration or perform additional attacks. The attack vector is through TCP port 22. This vulnerability is not designated by a CVE ID.
3. Affected Cisco Unified IP Phones contain privilege escalation vulnerabilities that allow local, authenticated users to obtain administrative access to the phone. This vulnerability may be exploited remotely with authentication and no user interaction. If exploited, the attacker may be able to modify the device configuration or cause a Denial of Service. The attack vector is through TCP port 22. This vulnerability is not designated by a CVE ID.
The privilege escalation vulnerabilities involve defects in the command line interface of the affected devices. Upgrading vulnerable devices to fixed software is the only effective means by which to mitigate these particular vulnerabilities; therefore, no identification or mitigation techniques for these vulnerabilities will be detailed in this document.
Updates, patches, fixes, etc. will be posted here. Until then, network admins should keep airtight access control lists. I'd suggest keeping them in place even after Cisco comes up with a fix.
I'll keep checking. May I suggest you do the same?
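
One way to apply the access-control-list advice above to the two network-reachable ports the advisory names, TCP 80 and TCP 22 (an added example, not configuration from Cisco's advisory or the original post). The subnets, ACL name and VLAN number are constructed placeholders; the syntax is standard Cisco IOS extended-ACL syntax, applied on the routed interface facing the phones.

```cisco
! Constructed addressing (assumptions, replace with your own):
!   10.20.0.0/24  voice VLAN holding the phones and conference stations
!   10.99.0.0/28  management hosts allowed to administer them
!
ip access-list extended PROTECT-VOICE-MGMT
 remark Management hosts may reach the SSH and HTTP admin interfaces
 permit tcp 10.99.0.0 0.0.0.15 10.20.0.0 0.0.0.255 eq 22
 permit tcp 10.99.0.0 0.0.0.15 10.20.0.0 0.0.0.255 eq 80
 remark Everyone else is dropped on those ports, and the attempt is logged
 deny   tcp any 10.20.0.0 0.0.0.255 eq 22 log
 deny   tcp any 10.20.0.0 0.0.0.255 eq 80 log
 remark Call signalling, media and other traffic are left untouched
 permit ip any any
!
! Vlan20 is the (assumed) routed interface for the voice VLAN.
! "out" filters traffic the router forwards toward the phones.
interface Vlan20
 ip access-group PROTECT-VOICE-MGMT out
```

If the conference station's HTTP interface has been moved off port 80, filter the configured port instead. An ACL on the routed interface does not see traffic between hosts inside the voice VLAN itself, so it limits exposure from other networks only.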