Dear all, The referred paper lists several severe vulnerabilities with Cisco systems' SIP-based IP Phone 7960 and its supporting environment. These vulnerabilities lead to: complete control of a user's credentials; total subversion of a user's settings for the IP Telephony network, and the ability to subvert the entire IP Telephony environment. Malicious access to a user's credentials could enable "Call Hijacking", "Registration Hijacking", "Call Tracking", and other voice related attacks. The vulnerabilities exist with any deployment scenario, but this paper deals specifically with large scale deployments as recommended by Cisco. A PDF version of the paper is available from: http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_C ompromise.pdf A PDF Zipped version of the paper is available from: http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_C ompromise.zip I would like to thank Josh Anderson for the help lent me during the development of the paper. Yours, Ofir Arkin [ofir@sys-security.com] Founder The Sys-Security Group http://www.sys-security.com PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
