Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wiretapping Vulnerability Reproduction

I am only able to reproduce the recent wiretapping vulnerability when the credentials entered are for the user ASSOCIATED TO THE DEVICES or LOGGED IN TO THE DEVICES the under attack. If the user is not associated with the DUT, then the problem cannot be reproduced. If that is the problem, why does Cisco say that any Extension Mobility user can trigger the vulnerability?

"Extension Mobility authentication credentials are not tied to individual IP phones. Any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack."

http://www.cisco.com/en/US/customer/products/products_security_response09186a0080903a6d.html

111
Views
0
Helpful
0
Replies
CreatePlease to create content