uniform resource identifier

Unanswered Question
Nov 29th, 2007

Cisco has a reponse about remotely eavesdrop using Cisco Unified IP Phones.

I just know URI. Anybody can let me know, where(from what software interface) can I use URI commands? Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
hadbou Thu, 12/06/2007 - 12:47

The SIP Dialer differs from SCCP dialer, because the Cisco Unified IP Phone (SIP) has more functionality and operates differently due to Dial Rules and Key Press Markup Language (KPML) functionality.

When a comma is selected during the KPML digits exchange, the Cisco Unified IP Phone (SIP) will cancel the KPML subscription and Cisco Unified Communications Manager. As a result, the call will fail to route.

Ensure the primary telephone number is valid when selecting digits on a Cisco Unified IP Phone (SIP).

dhook Fri, 12/14/2007 - 07:34

Hi,

You use URI through the built in web server. You could use something like this to enable streaming from an IP-Phone. Save the html below to a file, for example listen.htm. Edit the IP-addresses, and open the file in a local browser window. You'll need a user account that is associated with the phone in order to post the form, and the web server in the phone must be enabled. The vulnerability is basically that Extension Mobility does not encrypt passwords, but aside from that this is possible to do regardless as long as You achieve the login credentials to the phone (with social engineering, brute force etc)

http:///CGI/Execute" Method="POST">

"/>

Actions

This Discussion