We just had a customer plug a phone into the carrier interface in front of
the firewall (the carrier drops off a DPC3825 as their demarcation (set to
bridge), and it happily hands out public IP addresses to whatever is
plugged into it). Told them they ought to keep that set behind the
firewall; they're working on it ...

It sounds like verifying 'XML Authentication' would be a good thing.
How I wish manufacturers would ship things with a default setting of
'secure' for such things, but of course then they'll get hammered with 'it
doesn't work' support calls, so they quickly learn to set things to
permissive, and put a little security caveat/lecture in the docs to cover
their ass.

On Tue, Mar 24, 2015 at 9:42 PM, David Donovan <[email protected]>
wrote:

> On 24 March 2015 at 20:27, David Donovan <[email protected]> wrote:
>
> > On 24 March 2015 at 15:22, Jim Van Meggelen <[email protected]>
> > wrote:
> >
> >>
> >>
> http://www.itnews.com.au/News/401928,cisco-confirms-ip-phone-eavesdropping-flaw.aspx
> >>
> >
> > What's more surprising to me is that there's no patch.
> >
>
> I did some more reading on this because I felt like I must be missing
> something.  It turns out I was.
>
> It looks like there isn't a software patch because the solution is to
> correct the incorrect "as shipped" default setting.  Cisco says
> "Administrators are advised to enable XML Execution authentication in the
> configuration settings of affected devices."
>
> I'm not an expert and I haven't tested this but, as I read it, the problem
> can be solved by pushing a simple config value through auto provisioning.
>
> Also, I did a more specific query on Shodan and it looks like the affected
> firmware isn't the most common one.  Again, helpfully, Cisco included the
> firmware version in the HTTP response so it's easy for an unauthenticated
> remote user to tell if the device is affected and worth exploiting.  It's
> still thousands of devices though when you consider several models are
> affected.
> http://www.shodanhq.com/search?q=SPA525G2-7.5.5
> http://www.shodanhq.com/search?q=SPA504g-7.5.5
>
> All the best,
> Dave
>