“The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE 802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This product contains two vulnerabilities: The first vulnerability is an SNMP service with fixed community strings that allow remote users to read, write, and erase the configuration of an affected device. The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185 that may allow an unauthenticated remote user to access debugging information or cause a denial of service.”

So over the wireless network I can read the configuration of your phone, write a new configuration, wipe out the configuration, view all the debug output, or prevent your phone from working all together. Great! I can’t wait until these come to market!
And another thing, shouldn’t Cisco know how to secure SNMP by now? Fixed community strings? They should know better…

Full Article


About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.