The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


The Trivial Cisco IP Phones Compromise


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 19 Sep 2002 12:22:32 +0100
From: Ofir Arkin <ofir@sys-security.com.>
To: [email protected]
Subject: The Trivial Cisco IP Phones Compromise

Dear all,

The referred paper lists several severe vulnerabilities with Cisco
systems' SIP-based IP Phone 7960 and its supporting environment. These
vulnerabilities lead to: complete control of a user's credentials; total
subversion of a user's settings for the IP Telephony network, and the
ability to subvert the entire IP Telephony environment. Malicious access
to a user's credentials could enable "Call Hijacking", "Registration
Hijacking", "Call Tracking", and other voice related attacks. The
vulnerabilities exist with any deployment scenario, but this paper deals
specifically with large scale deployments as recommended by Cisco.

A PDF version of the paper is available from:
http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_C
ompromise.pdf 

A PDF Zipped version of the paper is available from:
http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_C
ompromise.zip 


I would like to thank Josh Anderson for the help lent me during the
development of the paper.

Yours,
Ofir Arkin [[email protected]]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA




<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру