Thursday, November 29, 2007

Alert - Cisco IP Phone Eavesdropping Issue

From FrSIRT...
A vulnerability has been identified in Cisco Unified IP Phone, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error within the Extension Mobility feature, which could allow an attacker with valid Extension Mobility authentication credentials to cause a vulnerable device configured to use the Extension Mobility feature (disabled by default) while the internal web server is enabled (enabled by default) to transmit or receive a Real-Time Transport Protocol (RTP) audio stream. (more)

Translation...
This series of phones can be remotely eavesdropped upon.