ID
VAR-200209-0079
TITLE
Cisco IP Phone 7960 Firmware TFTP Authentication Weakness
Trust: 0.3
DESCRIPTION
The Cisco IP Phone 7960 uses TFTP (Trivial File Transfer Protocol) to download firmware images and configuration files. TFTP is conducted over UDP and does not provide authentication. Sensitive information is contained in the configuration file (such as the IP address of the SIP Proxy Server and the 'phone_password' credential). If an attacker can guess the name of configuration files, then it is possible to retrieve them from the TFTP server. Information gathered in this manner may aid in mounting further documented attacks which have the potential to compromise the IP telephony network.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 7960 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 5756 | Trust: 0.3 |
CREDITS
Discovery of this issue is credited to "Ofir Arkin" <ofir@sys-security.com>.
Trust: 0.3
SOURCES
| db: | BID | id: | 5756 |
LAST UPDATE DATE
2022-05-17T02:03:02.075000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 5756 | date: | 2002-09-19T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 5756 | date: | 2002-09-19T00:00:00 |