Cisco Small Business IP Phones Open to Remote Eavesdropping

by Dennis Fisher March 23, 2015 10:46 am

Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones.

Cisco has confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is working on a new version of the firmware to fix the bugs.

“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.

“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”

The vulnerability exists in version 7.5.5 of the firmware for the Cisco Small Business SPA500 IP phones. The fix for the bug is not yet available, but Cisco said it is preparing one. One mitigating factor for this vulnerability is that an attacker might need privileged access in order to exploit it.

“To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit,” the Cisco advisory says.

In addition to this bug, Watts discovered a pair of other flaws in Cisco products. One of the other vulnerabilities enables an XSS attack on the IP phones.

“A vulnerability in the web user interface of the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack,” the advisory from Tech Analysis says.

Source: https://threatpost.com/cisco-small-business-ip-phones-open-to-remote-eavesdropping/111752#sthash.prfeaEN3.dpuf


