• Florida's Premier Investigation & Detective Agency

  • Serving Naples, Florida, and anywhere needed

  • Contact us to learn how we can help

Cell Phone Forensics

Need to get data from a cell phone, mobile device or computer? We can help; click HERE.

Bug Sweeps

We offer extensive, high-tech sweeps for covert listening, video, recording and GPS devices. Learn more HERE..

Surveillance

We offer surveillance for many different needs, from infidelity, worker's compensation matters, non-compete agreements to many other legal purposes.

Cisco Small Business IP Phones Open to Remote Eavesdropping

by Dennis Fisher March 23, 2015 10:46 am

Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones.

Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is working on a new version of the firmware to fix the bugs.

“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.

“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”

The vulnerability exists in version 7.5.5 of the firmware for the Cisco Small Business SPA500 IP phones. The fix for the bug is not yet available, but Cisco said it is preparing one. One mitigating factor for this vulnerability is that an attacker might need privileged access in order to exploit it.

“To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit,” the Cisco advisory says.

In addition to this bug, Watts discovered a pair of other flaws in Cisco products. One of the other vulnerabilities enables an XSS attack on the IP phones.

“A vulnerability in the web user interface of the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack,” the advisory from Tech Analysis says.

Source: https://threatpost.com/cisco-small-business-ip-phones-open-to-remote-eavesdropping/111752#sthash.prfeaEN3.dpuf

#NaplesPI  #NaplesPrivateInvestigator  #NaplesDetective  #spying  #bugsweep

Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones.

Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is working on a new version of the firmware to fix the bugs.

“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.

“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”

The vulnerability exists in version 7.5.5 of the firmware for the Cisco Small Business SPA500 IP phones. The fix for the bug is not yet available, but Cisco said it is preparing one. One mitigating factor for this vulnerability is that an attacker might need privileged access in order to exploit it.

“To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit,” the Cisco advisory says.

In addition to this bug, Watts discovered a pair of other flaws in Cisco products. One of the other vulnerabilities enables an XSS attack on the IP phones.

“A vulnerability in the web user interface of the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack,” the advisory from Tech Analysis says. 

- See more at: https://threatpost.com/cisco-small-business-ip-phones-open-to-remote-eavesdropping/111752#sthash.prfeaEN3.dpuf

Naples Private Investigator Detective

Naples Daily News - Private Investigator Detective

House of Woman Who Exploited Alzheimer's Patient Sold At Auction

"Velta Hanson hired an investigator, who discovered he'd been paying for expensive lunches with Teti..."

"That month, she fled after shutting off her electricity, closing her hurricane shutters and forwarding her mail to Sykesville, Md., where a private investigator has since located her."

 ~ Naples Daily News

Full article available HERE

*Public Court records, newspaper publication, and cited with permision from client.

Naples Private Investigator Detective