Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Cisco Small Business IP phones vulnerable to eavesdropping

Cisco Small Business IP phones vulnerable to eavesdropping

2015/03/23

Help Net Security - (International) Cisco Systems confirmed that its Small Business SPA 300 and 500 series IP phones with firmware version 7.5.5 or older, contain flaws in authentication settings that could allow attackers to listen in on phone audio streams or make calls remotely by sending crafted extensible markup language (XML) requests to the affected device. The company is reportedly working on a patch to address the vulnerability.

Source: http://www.net-security.org/secworld.php?id=18119

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:47