Cisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers.
Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers.
Cisco IP Phone 8800 series are business desk phones that supports HD video, while Cisco IP Phone 7800 series are designed for desktops and conference rooms in businesses.
All the flaws affect the Cisco 8800 series, while just one DoS issue (CVE-2019-1716) impacts Cisco IP Phone 7800 series.
The flaws result from improper validation of user-supplied input during the authentication process.
“A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.” reads the security advisory published by Cisco.
“The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user.”
The Cisco IP Phone 8800 series is also affected by a file upload denial of service issue (CVE-2019-1766) that resides in the web-based management interface. The vulnerability could be exploited by a remote attacker to cause high disk utilization, resulting in a denial of service.
“The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system.” reads the security advisory published by Cisco. “A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. “
Cisco also addressed an authorization bypass vulnerability, tracked CVE-2019-1763, in the authorization management interface of its 8800 IP phones.
“A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition.” reads the advisory published by Cisco.
“The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition.”
The most severe vulnerabilities in Cisco 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
The two issues rated with the highest severity score, 8.1 out of 10.
The CSRF flaw, tracked as CVE-2019-1764 affects the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series, it could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.
“The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link.” reads the advisory. “A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. “
The path traversal flaw tracked as CVE-2019-1765 results from a combination of insufficient input validation and file-level permissions.
“The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. ” states Cisco.
It gives an authenticated adversary write access to the filesystem of Cisco’s 8800 series IP phones and permits writing files of the attacker’s choice to arbitrary locations on affected products.
There are no workarounds for any of the vulnerabilities addressed by Cisco. The good news is that Cisco is not aware of any attack exploiting the issues in the wild.
Source: https://securityaffairs.co/wordpress/82752/security/cisco-ip-phone-8800-flaws.html