TITLE:
Cisco Wireless IP Phone Two Vulnerabilities

SECUNIA ADVISORY ID:
SA17604

VERIFY ADVISORY:
http://secunia.com/advisories/17604/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of sensitive information, DoS

WHERE:
From local network

OPERATING SYSTEM:
Cisco IP Phone 7900 Series
http://secunia.com/product/2809/

DESCRIPTION:
Two vulnerabilities have been reported in Cisco Wireless IP Phone, which can be exploited by malicious people to gain access to potentially sensitive information, to modify certain information, and to cause a DoS (Denial of Service).

1) The SNMP service that runs on the IP phone uses fixed read-only and read-write community strings of "public" and "private", which cannot be changed by the user. This can be exploited to retrieve and modify the device configuration, including stored user data such as phone book entries, by sending an SNMP GetRequest or SetRequest to the phone.

2) The IP phone listens on port 17185/udp to allow connections from the VxWorks debugger. This may be exploited to collect debugging information or to cause a DoS on the device.

The vulnerabilities have been reported in Cisco 7920 Wireless IP Phone with firmware version 2.0 and prior.

SOLUTION:
Apply firmware update.
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml#software

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
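Until the firmware update is applied, traffic matching both issues can be flagged at a monitoring point in front of the phones. The sketch below is an added example, not part of the Secunia or Cisco advisory: it decodes just enough of an SNMPv1/v2c message to read the community string and request type, and labels datagrams addressed to the debugger port. The function names, finding labels, sample payloads and the use of the standard SNMP port 161 are assumptions.

```python
# Added example (not from the advisory): classify UDP datagrams sent to a phone.
SNMP_PORT = 161    # assumption: standard SNMP agent port, not stated on the page
WDB_PORT = 17185   # VxWorks debugger port named in the advisory
FIXED_COMMUNITIES = {b"public", b"private"}   # fixed strings from the advisory
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Decode one BER TLV at pos and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return (community, pdu_tag) for an SNMPv1/v2c message, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)          # outer SEQUENCE
        if tag != 0x30:
            return None
        tag, version, pos = read_tlv(body, 0)        # INTEGER version
        if tag != 0x02 or version not in (b"\x00", b"\x01"):
            return None
        tag, community, pos = read_tlv(body, pos)    # OCTET STRING community
        if tag != 0x04:
            return None
        pdu_tag, _, _ = read_tlv(body, pos)          # context-tagged PDU
        return community, pdu_tag
    except (IndexError, ValueError):                 # malformed or truncated
        return None

def classify(dst_port, payload):
    """Return a finding label for one datagram, or None if nothing matches."""
    if dst_port == WDB_PORT:
        return "wdb-debug-port"
    parsed = parse_snmp(payload) if dst_port == SNMP_PORT else None
    if parsed and parsed[0] in FIXED_COMMUNITIES:
        pdu = PDU_NAMES.get(parsed[1], "other")
        return f"snmp-fixed-community:{parsed[0].decode()}:{pdu}"
    return None

# Constructed sample payloads (hand-built SNMPv1 messages, not captured traffic).
GET_PUBLIC = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                           "300e300c06082b060102010101000500")
SET_PRIVATE = bytes.fromhex("3028020100" "040770726976617465" "a31a020102020100020100"
                            "300f300d06082b06010201010400040178")
```

A SetRequest finding deserves the higher priority of the two SNMP labels, since the advisory ties the read-write string to modification of the device configuration.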