Network Computing is part of the Informa Tech Division of Informa PLC

Cisco IP Phone Flaw Repeats Familiar Refrain

Cisco continues to be plagued with security vulnerabilities related to embedded accounts and passwords that weren't removed in production code. Its Wireless Location Appliance (Advisory ID cisco-sa-20061012-wla); Wireless LAN Solution Engine (WLSE, Advisory ID cisco-sa-20040407-username); Security Monitoring, Analysis and Response System (CS-MARS, Advisory ID cisco-sa-20060111-mars); Guard and Traffic Anomaly Detector (Document ID 63569); and Application and Content Networking System (ACNS, Document ID 64069) all suffered from similar issues. Hopefully, Cisco is mandating stricter code review so that this low-hanging fruit in system hardening is addressed. Fortunately, this latest problem affects less than half the phone models Cisco has sold; their wireless handsets, the 7920 and 7921G, were unscathed.

Frank Bulk
NWC Contributing Technology Editor, Mobility

Cisco has got to fix the problem of default credentials and other basic credential handling on its products. No real long-term lessons for VoIP, except that we must be aware these are complicated devices running multiple complicated protocols, and there will be exploits in the future (though hopefully less obvious than this one). Continued on the NWC Daily Blog...

Jordan Wiens
NWC Contributing Technology Editor
