Home » » Cisco VoIP adapters have critical security flaws

Cisco VoIP adapters have critical security flaws

No comments

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Security researchers Andrew Orr and Alex Weber purchased Cisco's SPA112 and SPA122 Analog Telephone Adapters (ATA) which connect a landline phone to a VoIP network. However, the two became curious about the security of these devices which have a large attack surface and began to run tests to see if any vulnerabilities were present in their recently purchased hardware.

Upon further inspection, they found that leveraging the flaws they found in Cisco's devices would allow a cybercriminal to completely compromise the web interface of the adapters as well as the underlying operating system.

Cisco VoIP adapters

According to a blog post published by the security researchers, the flaws they discovered would enable an attacker to steal credentials, create superusers with full privileges and execute arbitrary code. They also explained how they were able to achieve privilege escalation on Cisco's VoIP adapters, saying:

“We were able to take the lower-privilege “cisco” user, leak the “admin” user’s password hash and then “pass-the-hash” to elevate our privileges. Separately, we were able to use an arbitrary file read to defeat ASLR, and then exploit a stack overflow to achieve code execution as root.”

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

By using Shodan, the security researchers were able to identify a total of 3,662 potentially vulnerable devices so if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild.



from TechRadar - All the latest technology news https://ift.tt/2NXnbLI
Share:

Related Posts:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us