{"id":691,"date":"2023-03-03T14:01:58","date_gmt":"2023-03-03T14:01:58","guid":{"rendered":"https:\/\/www.seven-stones.biz\/blog\/?p=691"},"modified":"2023-03-03T14:19:33","modified_gmt":"2023-03-03T14:19:33","slug":"cisco-ip-phone-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/","title":{"rendered":"CIsco IP Phone Vulnerabilities"},"content":{"rendered":"\n<p>Crying Wolf? <\/p>\n\n\n\n<p>Before i continue, it&#8217;s pertinent to gives a heads up: nothing in this article relates to ChatGPT. Sorry. <\/p>\n\n\n\n<p>Lots of fuss was abound this morning (on the back of articles from yesterday with attention-grabbing headlines) regarding these 2 vulnerabilties disclosed, reported as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-20078,CVE-2023-20079\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2023-20078<\/a> and CVE-2023-20079. The first of these is rated 9.8 under <a href=\"https:\/\/en.wikipedia.org\/wiki\/Common_Vulnerability_Scoring_System\">CVSS<\/a> 3.1!! (Oh no). <\/p>\n\n\n\n<p>A few points:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<ul class=\"wp-block-list\">\n<li>Affected products: Cisco IP Phone 6800, 7800, 7900, and 8800 Series. <\/li>\n\n\n\n<li>The first vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-20078,CVE-2023-20079\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2023-20078<\/a>) is given as an RCE with instant-root, with the web-based management interface of the phone. The other is noted as a DoS condition. <\/li>\n\n\n\n<li>Whereas the aforementioned sounds bad, do you have your phones facing the Internet with a public IPv4 address? Probably not. So the attacker would need an internal presence to exploit this condition. If they have an internal presence, are they really going to be going after your phones? They might one supposes. Only you can answer this question.<\/li>\n\n\n\n<li>The CVSS rating of 9.8. About that. Lots of stuff is rated 10. Lots of stuff that shouldn&#8217;t be. It&#8217;s a long story but CVSS ratings have been <a href=\"https:\/\/blog.denexus.io\/beyond-cvss-scoring\" target=\"_blank\" rel=\"noreferrer noopener\">slammed multiple times by multiple esteemed analysts over the past 5 years<\/a>. This case here is interesting because we&#8217;re talking about phones&#8230; the 2nd vulnerability covered is given a 7.8 rating, primarily because its ONLY a <a href=\"https:\/\/www.ncsc.gov.uk\/collection\/denial-service-dos-guidance-collection\" target=\"_blank\" rel=\"noreferrer noopener\">DoS<\/a> . But with YOUR organisation, maybe DoS on your phones is worse than a remote take-over of the phones. <strong><em>CVSS ratings are not based on YOUR network. The folks who put together these ratings know nothing about YOUR organisation. You have to figure out your own risks<\/em><\/strong> based on threat modelling (I prefer the OWASP metholodogy).  <\/li>\n\n\n\n<li>The potential for an automated attack is also there. <\/li>\n\n\n\n<li>At the time of writing there was no publicity about attacks in the wild or public disclosed exploit code.<\/li>\n\n\n\n<li>Cisco has released software updates that address these vulnerabilities.<\/li>\n\n\n\n<li>The RCE as root might get some attention. Usually this is bad development or sys admin practice &#8211; to have processes running with super user privileges unnecessarily. However in this case the phone management software is <strong>management<\/strong> software and as such needs to <strong>manage<\/strong> &#8211; it needs root privileges. Let&#8217;s not bash Cisco over this one. <\/li>\n\n\n\n<li>Finally &#8211; a blast from the past. What does Cisco have against web interfaces? A bug I remember that was useful in pen tests, primarily for learning about the target network, involved being able to <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/csa\/cisco-sa-20010627-ios-http-level.html\" target=\"_blank\" rel=\"noreferrer noopener\">pass commands under Level 15 (the highest) privileges with no authentication<\/a>. The advice from Cisco was really something like &#8216;don&#8217;t use HTTP &#8211; disable it&#8217;. <\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p>  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crying Wolf? Before i continue, it&#8217;s pertinent to gives a heads up: nothing in this article relates to ChatGPT. Sorry. Lots of fuss was abound this morning (on the back of articles from yesterday with attention-grabbing headlines) regarding these 2 &hellip; <a href=\"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[230,232,231,79,72],"class_list":["post-691","post","type-post","status-publish","format-standard","hentry","category-blog","tag-cisco","tag-cve-2023-20078","tag-cvss","tag-vulnerability-assessment","tag-vulnerability-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CIsco IP Phone Vulnerabilities - Security Macromorphosis<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CIsco IP Phone Vulnerabilities - Security Macromorphosis\" \/>\n<meta property=\"og:description\" content=\"Crying Wolf? Before i continue, it&#8217;s pertinent to gives a heads up: nothing in this article relates to ChatGPT. Sorry. Lots of fuss was abound this morning (on the back of articles from yesterday with attention-grabbing headlines) regarding these 2 &hellip; Continue reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Macromorphosis\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-03T14:01:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-03T14:19:33+00:00\" \/>\n<meta name=\"author\" content=\"itibble@gmail.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:site\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"itibble@gmail.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/\"},\"author\":{\"name\":\"itibble@gmail.com\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"headline\":\"CIsco IP Phone Vulnerabilities\",\"datePublished\":\"2023-03-03T14:01:58+00:00\",\"dateModified\":\"2023-03-03T14:19:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/\"},\"wordCount\":432,\"commentCount\":0,\"keywords\":[\"Cisco\",\"CVE-2023-20078\",\"CVSS\",\"Vulnerability Assessment\",\"Vulnerability Management\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/\",\"name\":\"CIsco IP Phone Vulnerabilities - Security Macromorphosis\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\"},\"datePublished\":\"2023-03-03T14:01:58+00:00\",\"dateModified\":\"2023-03-03T14:19:33+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/cisco-ip-phone-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CIsco IP Phone Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\",\"name\":\"Security Macromorphosis\",\"description\":\"Ian Tibble&#039;s Security Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\",\"name\":\"itibble@gmail.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"caption\":\"itibble@gmail.com\"},\"description\":\"Author of Security De-engineering, CTO at Seven Stones (Indonesia)\",\"sameAs\":[\"http:\\\/\\\/www.seven-stones.biz\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CIsco IP Phone Vulnerabilities - Security Macromorphosis","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"CIsco IP Phone Vulnerabilities - Security Macromorphosis","og_description":"Crying Wolf? Before i continue, it&#8217;s pertinent to gives a heads up: nothing in this article relates to ChatGPT. Sorry. Lots of fuss was abound this morning (on the back of articles from yesterday with attention-grabbing headlines) regarding these 2 &hellip; Continue reading &rarr;","og_url":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/","og_site_name":"Security Macromorphosis","article_published_time":"2023-03-03T14:01:58+00:00","article_modified_time":"2023-03-03T14:19:33+00:00","author":"itibble@gmail.com","twitter_card":"summary_large_image","twitter_creator":"@seven_stones","twitter_site":"@seven_stones","twitter_misc":{"Written by":"itibble@gmail.com","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/"},"author":{"name":"itibble@gmail.com","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"headline":"CIsco IP Phone Vulnerabilities","datePublished":"2023-03-03T14:01:58+00:00","dateModified":"2023-03-03T14:19:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/"},"wordCount":432,"commentCount":0,"keywords":["Cisco","CVE-2023-20078","CVSS","Vulnerability Assessment","Vulnerability Management"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/","url":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/","name":"CIsco IP Phone Vulnerabilities - Security Macromorphosis","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#website"},"datePublished":"2023-03-03T14:01:58+00:00","dateModified":"2023-03-03T14:19:33+00:00","author":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"breadcrumb":{"@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.seven-stones.biz\/blog\/cisco-ip-phone-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.seven-stones.biz\/blog\/"},{"@type":"ListItem","position":2,"name":"CIsco IP Phone Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.seven-stones.biz\/blog\/#website","url":"https:\/\/www.seven-stones.biz\/blog\/","name":"Security Macromorphosis","description":"Ian Tibble&#039;s Security Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.seven-stones.biz\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28","name":"itibble@gmail.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","caption":"itibble@gmail.com"},"description":"Author of Security De-engineering, CTO at Seven Stones (Indonesia)","sameAs":["http:\/\/www.seven-stones.biz"]}]}},"_links":{"self":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/comments?post=691"}],"version-history":[{"count":4,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/691\/revisions"}],"predecessor-version":[{"id":697,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/691\/revisions\/697"}],"wp:attachment":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/media?parent=691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/categories?post=691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/tags?post=691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}