Cisco Small Business IP Phones Open to Remote Eavesdropping

by Dennis Fisher March 23, 2015 10:46 am

Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones.

Cisco has confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is working on a new version of the firmware to fix the bugs.

“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.

“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”

The vulnerability exists in version 7.5.5 of the firmware for the Cisco Small Business SPA500 IP phones. The fix for the bug is not yet available, but Cisco said it is preparing one. One mitigating factor for this vulnerability is that an attacker might need privileged access in order to exploit it.

“To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit,” the Cisco advisory says.

In addition to this bug, Watts discovered a pair of other flaws in Cisco products. One of the other vulnerabilities enables an XSS attack on the IP phones.

“A vulnerability in the web user interface of the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack,” the advisory from Tech Analysis says.

Source: https://threatpost.com/cisco-small-business-ip-phones-open-to-remote-eavesdropping/111752#sthash.prfeaEN3.dpuf

Naples Private Investigator Detective

I have had the opportunity of working with David Rich on several investigations over the past few years.  I am a criminal lawyer whose practice is limited to representing both victims of fraud as well as individuals who are targeted by the government of committing fraud.
 
Mr. Rich has recently been involved with me in two very complex investigations in which he played a vital role.  He displayed incredible computer-related skills as well as extensive knowledge of multiple investigative techniques which have led to very successful completions of  those investigations.

~ Yale T. Freeman, Esq
