Vigil@nce - Cisco Small Business ATA, IP Phone: Cross Site Scripting
July 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious SIP INVITE message, in order to
inject JavaScript code in the web interface of some Cisco Small
Business products, which leads to the execution of this JavaScript
code in the context of the browsing user.
Severity: 2/4
Creation date: 18/06/2012
IMPACTED PRODUCTS
– Cisco Analog Telephone Adaptator
– Cisco Unified IP Phone
DESCRIPTION OF THE VULNERABILITY
The following products have a web interface, where the user can
see the Call Log:
– Cisco Small Business SPA8000 8-port IP Telephony Gateway
– Cisco Small Business SPA8800 IP Telephony Gateway
– Cisco Small Business SPA2102 Phone Adapter with Router
– Cisco Small Business SPA3102 Voice Gateway with Router
– Cisco Small Business SPA500 IP Phone
However, the Sender/Caller field is directly copied from the From
header of the SIP INVITE message.
A remote unauthenticated attacker can therefore send a malicious
SIP INVITE message, in order to inject JavaScript code in the web
interface of some Cisco Small Business products, which leads to
the execution of this JavaScript code in the context of the
browsing user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Small-Business-ATA-IP-Phone-Cross-Site-Scripting-11717