Cisco IP Phone VxWorks debugger access

cisco-ipphone-vxworks-access (23068) The risk level is classified as MediumMedium Risk

Description:

The Cisco IP Phone could allow a remote attacker to gain unauthorized access to the device debugging port. By default, the device accepts VxWorks debugger connections on UDP port 17185. An attacker could use this vulnerability to obtain device debugging information and possibly cause a denial of service against the affected device.

Note: Senao SI-680H VOIP WIFI Phone also uses UDP port 17185 and is vulnerable to the same possible denial of service.


Consequences:

Gain Access

Remedy:

Upgrade to the latest fixed firmware version or apply the appropriate workaround, as listed in Cisco Security Advisory: cisco-sa-20051116-7920. See References.

For the Senao SI-680H VOIP WIFI Phone:
No remedy available as of August 2007.

References:

  • cisco-sa-20051116-7920: Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone.
  • Neohapsis Archives Full Disclosure Message #0538: Senao SI-680H VoIP Wifi phone undocumented open port.
  • Neohapsis Archives Message #0214 Nov 16,2005: Cisco Security Advisory: Fixed SNMP Communities and Open UDP Port in Cisco 7920 Wireless IP Phone.
  • SENAO International CO., LTD: Senao Product Information.
  • BID-15456: Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
  • BID-15475: Senao SI-680H and SI-7800H VOIP WIFI Phones VxWorks Remote Debugger Access Vulnerability
  • CVE-2005-3715: Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service.
  • CVE-2005-3804: Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
  • SA17604: Cisco Wireless IP Phone Two Vulnerabilities
  • SA17606: Senao SI-680H/SI-7800H Wireless VoIP Phone Potential Denial of Service
  • SECTRACK ID: 1015232: Cisco 7920 Wireless IP Phone Grants Remote Users SNMP Access, Discloses Debugging Information, and Lets Remote Users Deny Service
  • VUPEN/ADV-2005-2474: Senao SI-680H Wireless VoIP Phone Denial of Service Vulnerability

Platforms Affected:

  • Cisco 7920 Wireless IP Phone 1.0(8)
  • Cisco 7920 Wireless IP Phone 2.0
  • Senao Senao SI-680H 0.03.0839

Reported:

Nov 16, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page