Cisco Patches Multiple IP Phone, 802.1x Flaws


By Kevin McLaughlin, ChannelWeb

9:23 AM EST Thu. Feb. 22, 2007
Cisco Systems has patched a slew of vulnerabilities affecting its Unified IP Conference Station, IP Phone devices and Cisco Secure Services Client.

In an advisory issued Wednesday, Cisco described a glitch in its Unified IP Conference Station 7935 and 7936 devices that causes administrator login credentials to be cached, allowing subsequent users to log in to the Web-based administrator interface without a password.

In addition, the Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G and 7971G devices come with a hard-coded default user account with a default password, which can be accessed remotely through a Secure Shell (SSH) server on the devices, Cisco said.

The San Jose, Calif., networking vendor gave both flaws a CVSS base score of 10 out of 10, and Symantec's Deepsight gave them its highest severity rating of 10.

Attackers also could use the default user account to boost their access privileges for an affected device to an administrative level, according to Cisco, which gave this flaw a CVSS base score of 6.

In a separate Wednesday advisory, Cisco said it has fixed several privilege escalation and password disclosure vulnerabilities in the Cisco Secure Services Client (CSSC) and the Cisco Trust Agent (CTA), both of which incorporate 802.1x authentication software from its Meetinghouse acquisition last July.

Cisco gave a CVSS base score of 7 to three of the five CSSC vulnerabilities.

CSSC is software that lets organizations deploy a single authentication framework that employs the 802.1X authentication standard across multiple device types to govern access to wired and wireless networks. CTA is software that's installed on network endpoints to govern access to the network as part of Cisco's NAC framework.

 