
Cisco IP Phones Open To Attack


By Stefanie Hoffman, ChannelWeb

8:00 PM EST Thu. Feb. 14, 2008
Time to update your Cisco IP phones. Cisco Systems released multiple security advisories regarding serious vulnerabilities in its IP phones and the Unified Communications Manager -- several of which have the potential to give remote attackers the ability to execute arbitrary code.

In particular, the issues affect phones using Skinny (SCCP) and SIP. Four of the advisories warned that the buffer and heap overflows detected in the IP phones could leave users susceptible to remote exploitation. An attacker could then launch a denial-of-service attack or take control of an entire affected system.

Lesser errors carry the potential of exposing the IP phones to a denial-of-service attack, enabling privilege escalation or causing vulnerable phones to reboot and interrupt client voice services.

The Cisco UCM, the call processing component of San Jose, Calif.-based Cisco's IP telephony solution, also contains a serious flaw in the key parameter of the Web interface, which can be triggered using the http or https protocol. The error leaves vulnerable systems open to an injection attack, which could terminate an SQL call and force a connection to the back-end database. An authenticated attacker could then access sensitive information, such as usernames and password hashes stored in the database. However, the error would not enable an attacker to alter or delete information.

The company has already released free software updates addressing the error. A Cisco spokesperson said that the company planned to notify users as the updated software becomes available.

Security experts recommend that users update their IP phones with the patches that are available. Workarounds are also available for several of the vulnerabilities. Experts advise that users disable almost all ways to remotely manage the device, such as the internal Telnet and HTTP servers, and/or filter remote access, which will eliminate exposure to the overflow and server DoS vulnerabilities.

Cisco researchers said that so far no malicious exploits have been detected for any of the vulnerabilities.

 