
Cisco VoIP adapters have critical security flaws

02:05 19 November 2019 Source: msn.com


While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.


If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Security researchers Andrew Orr and Alex Weber purchased Cisco's SPA112 and SPA122 Analog Telephone Adapters (ATA), which connect a landline phone to a VoIP network. The two became curious about the security of these devices, which have a large attack surface, and began running tests to see whether any vulnerabilities were present in their recently purchased hardware.


Upon further inspection, they found that exploiting the flaws in Cisco's devices would allow a cybercriminal to completely compromise the adapters' web interface as well as the underlying operating system.

Cisco VoIP adapters

According to a blog post published by the security researchers, the flaws they discovered would enable an attacker to steal credentials, create superusers with full privileges and execute arbitrary code. They also explained how they were able to achieve privilege escalation on Cisco's VoIP adapters, saying:


“We were able to take the lower-privilege “cisco” user, leak the “admin” user’s password hash and then “pass-the-hash” to elevate our privileges. Separately, we were able to use an arbitrary file read to defeat ASLR, and then exploit a stack overflow to achieve code execution as root.”

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

Using Shodan, the security researchers identified a total of 3,662 potentially vulnerable devices. If you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild.
