Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Cisco 7920 Wireless IP Phone - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco 7920 Wireless IP Phone
Fellow handler Donald Smith passed along the following information on two new vunerabilities.  Thanks Don!!


http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml

There are two vulnerabilities relating to the Cisco 7920 Wireless IP
 Phone:

 - The first vulnerability is an SNMP service with fixed community
 strings that allow remote users to read, write, and erase the
 configuration of an affected device

 - The second vulnerability is an open VxWorks Remote Debugger on UDP
 port 17185 that may allow an unauthenticated remote user to access
 debugging information or cause a denial of service

IP phones that have default passwords and unauthenticated managment
ports. KEWL:)



Lorna

165 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!