Cyber security news for all

More

    Several gaps of Cisco IP phones are considered critical

    Hackers could attack Cisco IP phones as critical security gaps and execute malicious code with root privileges. There are also important security patches for access points and wireless LAN controllers. Hackers could bypass authentication and execute commands with admin rights.

    Due to an error in the web server of some IP phones, attackers could attack devices directly over the internet without authentication. This can cause the phones to crash. Cisco says: Executing malicious code with root privileges is conceivable.

    Due to inadequate checking of network traffic, attackers could initiate attacks by sending prepared HTTP requests. The options are deactivated by default.

    Cisco Suggests Filtering Traffic

    The main security hole concerns the HTTP interface. With these devices, the access data of an administrator are temporarily stored in the phone when the interface is accessed remotely. Another unauthorized remote access is then possible without entering the login data, which gives an attacker administrator rights for the device. The other problem affects different models of unified IP Phones like 7941G and 7971G.These devices have a default debugging user account that cannot be removed, deactivated or changed. An unauthorized user can have full control over an affected phone through the debugging account, which could also cause crashes. Cisco suggests filtering traffic to the faulty IP phones by setting up access lists in routers, switches and firewalls.

    High Risks Of Attacks

    There are also other malicious code attacks and several directory gaps. Attackers could use the latter to access data that was actually isolated. Wireless LAN controllers and access points could fall victim to DoS attacks. Cisco’s software is vulnerable to malicious code attacks on Windows for example. These vulnerabilities are rated high with the risk of attack.

    Of note, according to Cisco, some of these products (particularly the Wireless IP Phone 8821 and 8821-EX) are utilized by the healthcare industry who are currently on the frontlines of the coronavirus pandemic.

    Recent Articles

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    The slamming of undeletable Adware on Android users

    Researchers have discovered that about 14.8% of users of android phones that were targeted with mobile adware or malware the previous year have undeletable...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox