Vigil@nce - Cisco IP Phone 8800: bad permissions in the filesystem
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the console of the Cisco IP Phone 8800, in
order to get sensitive data or change the system image.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Creation date: 24/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IP Phone 8800 product offers a console providing a
direct access to the embedded system.
However, the file permissions are not sufficiently restricted, an
attacker who can get a shell, which is normally unprivileged, can
read and write system files, including manage to get full
administrator rights.
An attacker can therefore use the console of the Cisco IP Phone
8800, in order to get sensitive data or change the system image.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-IP-Phone-8800-bad-permissions-in-the-filesystem-19968