Cisco Fixes High-Severity Vulnerabilities in IP Phone 7800, 8800

LASER_oneXM

Cisco released on Wednesday security patches for vulnerabilities present in its IP Phone 7800 and 8800 series. An attacker could exploit most of the flaws remotely without being authenticated.
The company says that it has no knowledge of any of the issues being exploited in the wild.

Plenty of DoS opportunities

All the vulnerabilities affect the 8800 series, while one that enables a denial-of-service (DoS) condition on the target, CVE-2019-1716, also impacts Cisco IP Phone 7800 series.
It stems from improper validation of user input during the authentication process and could be leveraged to execute arbitrary code, too.
"An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials," the security advisory reads.

Another flaw leading to a DoS state is CVE-2019-1766, which a remote attacker could exploit by sending a crafted, remote connection request; this would allow writing a file that exhausts the available disk space.
... ... ...
 

ForgottenSeer 58943

IP Phones are massive vulnerabilities.. I worked for a security firm and during an internal audit found several backdoored Digium Phones. It was hilarious, but at the same time sad as they compromised all of them through a pretty deep set of security layers.

My home has one of the safest IP Phone setups possible, but it's because I designed it with a custom PBX that creates a 4096-Bit Symmetric Key over OpenVPN each time I pick up the phone. It's not getting hacked and specific other people I communicate with over similar systems they have are almost un-interceptable.

But yes.. Most IP phone systems are quite insecure and almost trivially compromised and often result in lateral movement on networks through those phones if they aren't properly segregated on vlans.
 