On 24 March 2015 at 20:27, David Donovan <donovan.da...@gmail.com> wrote:
> On 24 March 2015 at 15:22, Jim Van Meggelen <jim.vanmegge...@gmail.com> > wrote: > >> >> http://www.itnews.com.au/News/401928,cisco-confirms-ip-phone-eavesdropping-flaw.aspx >> > > What's more surprising to me is that there's no patch. > I did some more reading on this because I felt like I must be missing something. It turns out I was. It looks like there isn't a software patch because the solution is to correct the incorrect "as shipped" default setting. Cisco says "Administrators are advised to enable XML Execution authentication in the configuration settings of affected devices." I'm not an expert and I haven't tested this but, as I read it, the problem can be solved by pushing a simple config value through auto provisioning. Also, I did a more specific query on Shodan and it looks like the affected firmware isn't the most common one. Again, helpfully, Cisco included the firmware version in the HTTP response so it's easy for an unauthenticated remote user to tell if the device is affected and worth exploiting. It's still thousands of devices though when you consider several models are affected. http://www.shodanhq.com/search?q=SPA525G2-7.5.5 http://www.shodanhq.com/search?q=SPA504g-7.5.5 All the best, Dave
