Cisco IP phones are vulnerable

Weaknesses in some models of Cisco Systems Inc. IP telephones could allow the devices to be restarted by a Web attack or even taken over by a malicious network client, the company said last month. A software fix is available.

A Web-based attacker using common denial-of-service programs could cause a Cisco IP phone to restart, ending any call in progress. Phones could also be restarted using invalid HTTP requests to a Web server running on certain IP phone configurations.

The vulnerability affects Cisco 7910, 7940, and 7960 IP phones, which are used with the vendor’s Architecture for Voice, Vide and Integrated Data (AVVID) IP telephony phone system, based on CallManager software.

Cisco was the leading seller of IP phones last year according to Instat/MDR, and the company has an installed base of more than 500,000 IP phones and 6 million-plus VoIP system ports.

A software fix for affected IP phones can be obtained here.

Denial-of-service attacks based on well-known methods such as “jolt,” “jolt2,” “raped,” “hping2,” “bloop,” “bubonic,” “mutant,” “trash” and “trash2.” Could be used to shutdown an IP phone. Cisco says a software fix resolves this problem by allowing the IP phones to resist high rates of traffic directed to the phones.

The Web vulnerability on Cisco phones stems from a built-in Web server on port 80 of the affected products, meant for administrators to access debugging and status information pages about the phone. By modifying an HTTP request to the phone, attackers could restart the devices via a Web connection.

Cisco IP phones running Session Initiation Protocol or Media Gateway Control Protocol software images are not susceptible to Web-based HTTP attacks, but could be affected by denial-of-service program attacks.

Cisco also warns that by physically accessing the phone and downloading software or reconfiguring the device, an attacker could set up an IP phone so that it could be taken over via a network connection.

“A successful attacker could gain full control over the operation of the IP Phone and any call setup requests and responses made between the IP Phone and Cisco CallManagers or other VoIP gateways,” according to a statement on Cisco’s Web site.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now