Sunday, November 12, 2017

Eavesdrop vulnerability discovered in Cisco phones

A number of 7900-series phones are affected, according to Forbes.

The most recent vulnerability stems from a lack of input validation at the syscall interface, according to Columbia University graduate student Ang Cui. This, Cui said, “allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP [Digital Signal Processor], buttons, and LEDs on the phone.”

Cui stated that the phones contain a number of vulnerable third-party libraries, which he promises to discuss at the upcoming Chaos Computer Conference, 29C3.

Cisco states that workarounds and a software patch are available to address the issue, which is tagged with the update ID CSCuc83860.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
