Cisco Systems issued a security advisory on January 9th warning Cisco Unified IP Phone users that the phones contain a vulnerability that could expose them to eavesdropping.
The security advisory states that “Cisco Unified IP Phones 7900 series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges”. The Cisco Unified IP Phone is a popular model used in offices globally.
The vulnerability is caused by a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker can exploit the issue by first gaining local access to the device, either physically via the AUX port on the back of the phone or through authenticated remote access, and then executing an attacker-controlled binary designed to trigger the flaw.
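The root cause named above, kernel-side code that trusts the arguments a userspace application hands to a system call, is illustrated below with an added C example. It is not Cisco's firmware and not code from the advisory: the address layout (USER_BASE, USER_SIZE), the kernel buffer size, the request structure and the simulated user memory are all constructed assumptions. The handler shows the two checks whose absence defines this bug class: that the requested length fits the kernel buffer, and that the user-supplied address range lies entirely inside userspace without wrapping around.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed address-space layout: the only range userspace may hand us. */
#define USER_BASE 0x10000000u
#define USER_SIZE 0x00001000u
#define KBUF_SIZE 64

/* Status codes modelled on POSIX errno values (assumption for this example). */
enum { SYS_OK = 0, SYS_EFAULT = -14, SYS_EINVAL = -22 };

/* Arguments arriving from userspace; both fields are attacker-controlled. */
struct user_req {
    uint32_t src;   /* user-space address of the data to copy */
    uint32_t len;   /* number of bytes to copy */
};

/* Simulated backing store for [USER_BASE, USER_BASE + USER_SIZE). */
static unsigned char user_mem[USER_SIZE];

/* Check 1: the range [addr, addr + len) must not wrap and must sit wholly in userspace. */
static bool user_range_ok(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return false;
    if (len > UINT32_MAX - addr)            /* addr + len would wrap around */
        return false;
    return addr >= USER_BASE && addr + len <= USER_BASE + USER_SIZE;
}

/* Simulated copy_from_user: refuses any range that fails the check above. */
static int copy_from_user_sim(void *dst, uint32_t src, uint32_t len)
{
    if (!user_range_ok(src, len))
        return SYS_EFAULT;
    memcpy(dst, user_mem + (src - USER_BASE), len);
    return SYS_OK;
}

/* Syscall handler. A handler in the vulnerable class would pass req->len and
 * req->src straight to the copy; here the length is bounded by the kernel
 * buffer first (check 2) and the address range is validated before any write. */
int handle_request(const struct user_req *req, unsigned char *kbuf, size_t kbuf_size)
{
    if (req->len == 0 || req->len > kbuf_size)   /* would overrun kbuf */
        return SYS_EINVAL;
    return copy_from_user_sim(kbuf, req->src, req->len);
}

int main(void)
{
    unsigned char kbuf[KBUF_SIZE];
    memcpy(user_mem, "hello", 5);                 /* constructed user data */

    struct user_req good   = { USER_BASE, 5 };
    struct user_req big    = { USER_BASE, KBUF_SIZE + 1 };
    struct user_req kernel = { 0x80000000u, 16 };  /* points outside userspace */
    struct user_req wrap   = { 0xFFFFFFF0u, 32 };  /* addr + len wraps */

    printf("good:   %d\n", handle_request(&good, kbuf, sizeof kbuf));
    printf("big:    %d\n", handle_request(&big, kbuf, sizeof kbuf));
    printf("kernel: %d\n", handle_request(&kernel, kbuf, sizeof kbuf));
    printf("wrap:   %d\n", handle_request(&wrap, kbuf, sizeof kbuf));
    return 0;
}
```

The length check and the range check are deliberately separate: the first protects the kernel's own buffer, the second stops a request from naming kernel memory or a range that overflows the address arithmetic, which is how an unchecked argument turns into the "modify arbitrary memory with elevated privileges" outcome the advisory describes.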
Cisco has acknowledged that there is no way to mitigate the physical attack vector on the affected devices and will take a phased remediation approach. First, Cisco will release an intermediate Engineering Special software release for affected devices to mitigate the known attack vectors for the vulnerability; it will be available upon request from the Cisco Technical Assistance Center once it is ready.
Over the next several months, Cisco will also rewrite portions of the 7900 series firmware to fully mitigate the underlying root cause and improve both the network and physical security posture of the affected devices.
The following Cisco Unified IP Phones 7900 Series devices are known to be affected by the vulnerability:
- Cisco Unified IP Phone 7906
- Cisco Unified IP Phone 7911G
- Cisco Unified IP Phone 7931G
- Cisco Unified IP Phone 7941G
- Cisco Unified IP Phone 7941G-GE
- Cisco Unified IP Phone 7942
- Cisco Unified IP Phone 7945G
- Cisco Unified IP Phone 7961G
- Cisco Unified IP Phone 7961G-GE
- Cisco Unified IP Phone 7962G
- Cisco Unified IP Phone 7965G
- Cisco Unified IP Phone 7970G
- Cisco Unified IP Phone 7971G-GE
- Cisco Unified IP Phone 7975G