
IP phone

Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial
                         of Service Vulnerabilities

Revision 1.0

For Public Release 2008 February 13 1600 UTC (GMT)


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP
Phones 7900 Series

Advisory ID: cisco-sa-20110601-phone

Revision 1.0


Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager IP
Phone Personal Address Book Synchronizer Privilege Escalation
Vulnerability

Advisory ID: cisco-sa-20090311-cucmpab

Revision 1.0

Nortel IP Phone Surveillance Mode

#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Phone
# Vendor:  Nortel
# Subject: IP Phone Surveillance Mode
# Risk:    High
# Effect:  Currently exploitable
# Author:  Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)

Nortel IP Phone Flooding Denial of Service

#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Phone
# Vendor:  Nortel
# Subject: IP Phone Flooding Denial of Service
# Risk:    High
# Effect:  Currently exploitable
# Author:  Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)

Nortel IP Phone forced re-authentication

#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Phone
# Vendor:  Nortel
# Subject: IP Phone forced re-authentication
# Risk:    High
# Effect:  Currently exploitable
# Author:  Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)

Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability

Title:
------
* Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability

Summary:
--------
* The Cisco Unified IP Phone 7960G and 7940G (SIP) do not correctly
parse some malformed RTP headers leading to a deterministic denial of
service


[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1

----------------------------------------------------------------------

---[ Vulnerable platform ]

        Dlink DPH 150s IP Phone
        Firmware version: FRU1.7.291.130 and earlier

        Link:
        http://www.dlink.ru/ru/products/8/1352.html


Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow

=======

Cisco Unified Communications Manager (CUCM) is the call processing
component of the Cisco IP telephony solution that extends enterprise
telephony features and functions to packet telephony network devices,
such as IP phones, media processing devices, voice-over-IP (VoIP)
gateways, and multimedia applications.

When a CUCM server is deployed in secure mode, a Certificate Trust
List (CTL) is used by Cisco Unified IP Phone devices to verify the
identity of CUCM servers. The CTL contains public keys and other

Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

===========

To mitigate against this vulnerability, system administrators can
disable the CAPF service if it is not necessary for business
operations. Access to the CAPF service is only required if Cisco
Unified Communications Manager systems and IP phone devices are
configured to use certificates for a secure deployment. If phones are
not configured to use certificates, then the CAPF service can be
disabled. The CAPF service is controlled by the Cisco Certificate
Authority Proxy Function menu selection.


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

=======

Cisco Unified Communications Manager is the call processing component
of the Cisco IP Telephony solution that extends enterprise telephony
features and functions to packet telephony network devices, such as
IP phones, media processing devices, voice-over-IP (VoIP) gateways,
and multimedia applications.

Certificate Trust List Provider Related Vulnerabilities

The Certificate Trust List (CTL) Provider service of Cisco Unified

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

=======

Cisco Unified Communications Manager is the call processing component
of the Cisco IP Telephony solution that extends enterprise telephony
features and functions to packet telephony network devices, such as
IP phones, media processing devices, voice-over-IP (VoIP) gateways,
and multimedia applications.

Certificate Trust List Provider Related Vulnerabilities

The Certificate Trust List (CTL) Provider service of Cisco Unified

Nortel IP Phone DoS

Nortel IP phone DoS

Discovered: 2008-02-25
Tested on firmware: 0604DAS (Latest firmwares have also been tested.)

Welcome the return of the Ping of Death!
wait a minute...isn't this 2008?

Steps to reproduce:


Cisco CUCM - Multiple Vulnerabilities

________________________________________________________________________

Vendor:             Cisco Systems
Product:            CUCM Environment
                      Cisco Unified Communications Manager (CallManager)
                      Cisco IP Phone CP-7975G
Vulnerability:      Directory Traversal
                    Reversible Obfuscation Algorithm
                    SCCP service security issues
                    CTFTP Information Leaks
                    Voice VLAN Separation Activated Late

Re: Nortel IP Phone DoS

Could you provide more details, please? I've just tested it on Nortel IP Phone 2004 firmware 0604DAD and it doesn't work.
What is the maximum MTU size on your network? How is fragmentation of that ping happening?




