Unified SIP Phone 3905 Unauthorized Access

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote IP telephony device is missing a vendor-supplied patch.

Description :

According to its self-reported version, the Cisco Unified IP Phone
software running on the remote device exposes an undocumented test
interface as a TCP service accessible on port 7870. This service could
allow unauthorized users to obtain remote root access on the device.

See also :

http://www.nessus.org/u?c29de305

Solution :

Apply the relevant update referenced in the Cisco Security Advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 72724

Bugtraq ID: 65663

CVE ID: CVE-2014-0721