Cisco IP Phone Flaw Repeats Familiar Refrain

Cisco distributed a security alert Wednesday warning businesses that vulnerabilities in the Cisco Unified IP Conference Station and IP Phone devices could make normal security measures ineffective.

The vendor says two models in its Unified IP Conference Station line (7935 and 7936) and six devices in its Unified IP Phone group (7906G, 7911G, 7941G, 7961G, 7970G and 7971G) carry flaws that escaped code review.

Those flaws put enterprise IP telephony systems at risk for remote attacks by cybercriminals who can commandeer the phones without having to go through normal authentication.

The vulnerabilities leave the Unified IP Conference Station models susceptible to a breach via HTTP by allowing attackers to circumvent user name and password restrictions.Cisco says attackers can access the phone and alter the device's configuration or launch a denial-of-service attack.

Cisco says the Cisco Unified IP Phones also carry a flaw that allows the default user names and passwords to be accessed through SSH (Secure Shell).

The vendor says the IP phones also have privilege-escalation vulnerabilities associated with defects in the command-line interface, which attackers can exploit to modify configuration or launch a DoS attack.

"Cisco is always testing for vulnerabilities in our products. When we do discover vulnerabilities we communicate the problem and the fixes to our customers," said Kevin Flynn, senior manager-security technology marketing-unified communications for Cisco. "In the case of the SSH issue referenced in the advisory, the vulnerability was discovered by Cisco internal testing. We know of no customers that have been impacted by these vulnerabilities."

Businesses can access information on fixes for the vulnerabilities at http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml.Network Computing has addressed the issues of IP phone security in the following feature: VoIP Security: Keeping IP Voice Safe and Sound .