
Cisco Unified IP Conference Station and IP Phone Vulnerabilities

Advisory ID: cisco-sa-20070221-phone · Severity: Critical

Certain Cisco Unified IP Conference Station and IP Phone devices contain vulnerabilities which may allow unauthorized users to gain administrative access to vulnerable devices.

Cisco Unified IP Conference Station Administrative Bypass Vulnerability

Cisco Unified IP Conference Station 7935 and 7936 devices do not require a password when a URL is accessed directly via the administrator HTTP interface. There is a workaround for this vulnerability.

Cisco Unified IP Phone Default Account and Privilege Escalation Vulnerabilities

Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G and 7971G devices contain a hard-coded default user account with a default password that is remotely accessible via a Secure Shell (SSH) server enabled on the phone. This default user account may be leveraged to gain administrative access to a vulnerable phone via a privilege escalation vulnerability. The default user account may also execute commands that cause a phone to become unstable, resulting in a denial of service. The default user account cannot be disabled, removed, or have its password changed. There are mitigations available for these vulnerabilities.

Cisco has made free software available to address these issues for affected customers. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070221-phone.

Workarounds

No workaround information imported yet.

CVEs: CVE-2007-1062, CVE-2007-1063, CVE-2007-1072
Cisco Bug IDs: NA
CVSS Score: Base 10.0
Product Names From Source: Cisco Unified IP Conference Station 7936, Cisco Unified IP Conference Station 7935, Cisco Unified IP Phone 7906G, Cisco Unified IP Phone 7911G, Cisco Unified IP Phone 7941G, Cisco Unified IP Phone 7961G, Cisco Unified IP Phone 7970G, Cisco Unified IP Phone 7971G

Related Products

Product                                   CVE            Evidence
Cisco Unified IP Conference Station 7935  CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Conference Station 7935  CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Conference Station 7936  CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Conference Station 7936  CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7906G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7906G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7911G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7911G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7941G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7941G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7961G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7961G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7970G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7970G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Phone 7971G              CVE-2007-1062  Cisco OpenVuln
Cisco Unified IP Phone 7971G              CVE-2007-1063  Cisco OpenVuln
Cisco Unified IP Conference Station 7935  CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Conference Station 7936  CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7906G              CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7911G              CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7941G              CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7961G              CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7970G              CVE-2007-1072  Cisco OpenVuln
Cisco Unified IP Phone 7971G              CVE-2007-1072  Cisco OpenVuln