7900 Series Cisco Unified IP Phones contain a vulnerability that can allow for arbitrary code execution. This vulnerability is caused by a failure to validate input passed to kernel system calls from user applications. An attacker could leverage this vulnerability either by gaining physical access to the vulnerable device, or access it through SSH.
Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible via maliciously crafted usermode applications. Attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 18006 - Cisco Unified IP Phone System Call Vulnerability
Apply general service release 9.3(1)SR2. If the patch cannot be applied, Cisco recommends disabling the Cisco Unified IP Phone SSH server and setup encrypted phone configuration files.