Developers: Cisco Systems
Branches: Telecommunication and communication
Technology: IP telephony
Cisco SPA 300 and SPA 500 are families of affordably priced IP phones with a powerful feature set, supported by the Cisco Unified Communications 500 unified communications systems and by hosted IP telephony systems. The devices are intended for small and medium-sized businesses.
2015: Cisco SPA 300 and SPA 500 IP phones are easy to eavesdrop on
On March 19, 2015 Cisco issued a security bulletin in which the American company reported a serious vulnerability in the SPA 300 and SPA 500 IP phones. These devices, aimed at small and medium-sized businesses, can be wiretapped.[1]
According to Cisco, the flaw in the SPA 300 and SPA 500 models is caused by incorrect authentication settings in the devices' default software configuration. Attackers who have authenticated in the system can send specially crafted XML requests to the vulnerable devices to start listening remotely to the victim's audio streams or to make telephone calls in the victim's name.
According to the manufacturer, devices with firmware 7.5.5 are affected, but phones with later firmware versions may also be vulnerable.
As of March 23, 2015, the security update closing this gap in the protection of Cisco's corporate phones has not yet been released, and the company only advises taking precautions. In particular, administrators are advised to enable authentication of XML Execution requests in the configuration settings menu and to allow access to Cisco SPA 300 and SPA 500 phones only to trusted users who have access to the network the phones are connected to. In addition, firewalls and access lists that filter traffic by IP address can be used to protect vulnerable systems against external attacks.
The American vendor claims that the vulnerability is not easy to exploit, since IP phones are, as a rule, installed in internal corporate networks protected by firewalls and other means. However, as PCWorld notes, some devices are configured to work over the Internet, so attackers can easily find them through services such as Shodan, which scan hundreds of millions of reachable network devices worldwide.[2]
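Whether the IP-based filtering recommended above actually holds can be checked against firewall or flow logs. The following is an added example, not part of the original article or of Cisco's bulletin: it lists permitted connections that reached phone addresses from sources outside the trusted networks and marks those that came from outside the internal range, the Internet exposure described in the last paragraph. The networks, the log format and the sample records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan for illustration; replace with your own.
PHONE_NETS = [ipaddress.ip_network("10.20.30.0/24")]     # voice VLAN with the phones
TRUSTED_NETS = [ipaddress.ip_network("10.20.30.0/24"),   # phones and call control
                ipaddress.ip_network("10.20.1.0/28")]    # administrator workstations
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # everything inside the company

# Constructed flow records in an assumed format: "src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
10.20.1.5 10.20.30.17 80 permit
10.20.99.40 10.20.30.17 80 permit
203.0.113.9 10.20.30.18 80 permit
10.20.99.40 10.20.30.18 80 deny
198.51.100.7 10.20.40.2 443 permit
not a flow line
"""

def in_any(addr, nets):
    """True if addr belongs to at least one of the given networks."""
    return any(addr in net for net in nets)

def audit_flows(text):
    """Return (line, src, dst, origin) for permitted flows to phones from untrusted sources."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue                      # not a flow record
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue                      # malformed address, skip the record
        if parts[3] != "permit" or not in_any(dst, PHONE_NETS):
            continue                      # blocked, or not addressed to a phone
        if in_any(src, TRUSTED_NETS):
            continue                      # expected traffic
        origin = "internal" if in_any(src, INTERNAL_NETS) else "external"
        findings.append((lineno, str(src), str(dst), origin))
    return findings

if __name__ == "__main__":
    for lineno, src, dst, origin in audit_flows(SAMPLE_FLOWS):
        print(f"line {lineno}: {origin} source {src} reached phone {dst}")
```

An "external" finding means a phone is reachable from outside the corporate network; an "internal" one means the access list is wider than the set of trusted users.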