Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability

Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context. Cisco has confirmed the vulnerability in a security advisory and released updated software. This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software:

Identifying and Mitigating Exploitation of the Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerabilityhttp://tools.cisco.com/security/center/viewAMBAlert.x?alertId=27763

Administrators are advised to apply the appropriate updates.

Administrators are advised to monitor affected systems.