Cisco SPA 500 IP Phones Are Affected by a Security Issue
More and more organizations are choosing this kind of device for voice conversations, and it has already been installed in many homes as well. However, these devices, like routers for example, are not without problems, and the Cisco SPA 500 is proof of this. These phones suffer from a security problem that allows a conversation to be eavesdropped on without the endpoints noticing.
As has been detailed, the security problem allows a third person to be part of the conversation without the need for authentication, and to listen to the conversation without any of the participating endpoints being aware of it. The demonstration was carried out by sending an XML file that bypasses this verification and automatically places the third party between the two main parties to the call, carrying out what could be considered a Man-in-the-Middle attack.
Despite how alarming it seems, the CVE-2015-0670 vulnerability has only been classified as risk level 6 out of 10, and the manufacturer has been informed so that it can take action.
In addition to the Cisco SPA 500, the SPA 300 is also affected
At first the problem was thought to be limited to the first model only. However, after carrying out a series of checks, Cisco itself has confirmed that it is a security problem affecting the firmware of several devices, adding to the list all those that belong to the SPA 300 series. Regarding the software, at first it was thought that version 7.5.5 was the one that made them vulnerable. However, after a long battery of tests, all previous firmware versions have been found to be affected as well.
Although at the moment there is no firmware that fixes the problem, the manufacturer has provided two tips to mitigate the effect of this vulnerability. The first consists of disabling authentication via XML files, thus breaking the activation path of the security flaw. The second piece of advice is to create ACLs, that is, lists of IP addresses authorized to establish a connection, thus preventing an unauthorized address from communicating with other devices.