ID
VAR-E-200209-0086
TITLE
Cisco IP Phone 7960 Unsigned Content Weakness
Trust: 0.3
DESCRIPTION
The Cisco IP Phone 7960 uses TFTP (Trivial File Transfer Protocol) to download firmware images and configuration files. TFTP does not provide authentication.
Firmware images are not signed, so there is no way for a client to determine that firmware is authentic. Firmware images with a higher version number are trusted by the vulnerable devices and will be retrieved and installed automatically when the devices are booted. This process is done transparently, without any user interaction.
If the attacker can compromise the TFTP server, then it is possible to cause malicious firmware to be installed in vulnerable devices. It is also possible to exploit this weakness if the attacker has control over a server which appears to the device to be the authentic TFTP server.
It is also theoretically possible for an attacker to substitute a malicious configuration file by exploiting this weakness.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | cisco | model: | ip phone | scope: | eq | version: | 7960 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Discovery of this issue is credited to "Ofir Arkin" <ofir@sys-security.com>.
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 5758 | Trust: 0.3 |
SOURCES
db: | BID | id: | 5758 |
LAST UPDATE DATE
2022-07-27T09:34:34.155000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 5758 | date: | 2002-09-19T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 5758 | date: | 2002-09-19T00:00:00 |