Vigil@nce - Cisco Unified IP Phone 7960G: altering the CTL
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass the access restrictions on the CTL file of
Cisco Unified IP Phone 7960G, in order to alter the content of the
CTL file, so that the phone trusts the attacker.
Impacted products: Cisco IP Phone
Severity: 2/4
Creation date: 21/02/2014
DESCRIPTION OF THE VULNERABILITY
A Cisco Unified IP Phone 7960G has a CTL (Certificate Trust
List).
However, an attacker can bypass the access restrictions on the CTL
file, in order to inject a new entry. Technical details are
unknown.
An attacker can therefore bypass the access restrictions on the CTL
file of Cisco Unified IP Phone 7960G, in order to alter the
content of the CTL file, so that the phone trusts the attacker.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-IP-Phone-7960G-altering-the-CTL-14295