Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified IP Phone Extension Mobility Monitoring Vulnerability

Cisco-SA-20071128-CVE-2007-6190 · Medium · Published · Updated

Cisco Unified IP Phone devices contain a vulnerability that could allow an authenticated, remote attacker to eavesdrop on ongoing conversations around an affected device, potentially resulting in a disclosure of sensitive information. The vulnerability exists due to insecure handling of the Extension Mobility feature.  An authenticated, remote attacker could exploit this vulnerability by configuring an affected device to send out a continuous Real Time Protocol (RTP) stream to an attacker-controlled location.  This ongoing transmission could allow the attacker to monitor conversations that are happening in the physical space around the affected device. Cisco has confirmed this vulnerability in a security response; however, updates are not available. To exploit this vulnerability, an attacker must possess Extension Mobility credentials that are sufficient to allow authentication to the affected device.  Only devices with the Extension Mobility feature enabled, along with the built-in web service, are vulnerable to an attack.  Additionally, attackers can only attack Extension Mobility-enabled phones that a user is not logged in to.  A successful exploit could allow the attacker to eavesdrop on ongoing conversations taking place around the device. When an affected device is exploited, the phone exhibits visual signs that indicate that something is amiss.  An exploited device will illuminate the speakerphone button, and devices with LCD displays will show an off hook indication.  These factors along with the attacker requiring access to the VoIP network or VLAN significantly reduce the likelihood of an attack.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply updates as they become available.

Administrators are advised to follow VoIP telephony best practices when configuring the voice network.

Administrators are advised to utilize a dedicated VLAN for all VoIP traffic.

Administrators are advised to enforce 802.11x authentication for affected devices.

Administrators are advised to utilize ACLs to restrict access to the web servers of affected devices.

Administrators may consider hard setting MAC addresses on access layer switch ports to prevent unauthorized access.

Administrators may consider disabling the built-in web service on affected devices.

Administrators may consider disabling the Extension Mobility feature.

Administrators may consider disabling the speakerphone and headset functionality on affected devices.

CVEsCVE-2007-6190
Cisco Bug IDsNA
CVSS ScoreBase 4.0
Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:W/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Unified IP Phone 7906G, Cisco Unified IP Phone 7911G, Cisco Unified IP Phone 7941G, Cisco Unified IP Phone 7961G, Cisco Unified IP Phone 7970G, Cisco Unified IP Phone 7971G, Cisco Unified IP Phone 7931G, Cisco Unified IP Phone 7942G, Cisco Unified IP Phone 7962G, Cisco Unified IP Phone 7945G, Cisco Unified IP Phone 7965G

Related Products

Product CVE Evidence
Cisco Unified IP Phone 7906G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7911G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7931G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7941G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7942G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7945G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7961G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7962G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7965G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7970G CVE-2007-6190 Cisco OpenVuln
Cisco Unified IP Phone 7971G CVE-2007-6190 Cisco OpenVuln