-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-014 Title: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 [1] Version history: 19.02.2014 Initial publication Summary ======= A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device. CVE numbers: CVE-2014-0721 Vulnerable systems ================== Cisco Unified 3905 Phone Original Details ================ This vulnerability is due to an undocumented test interface in the TCP service listening on port 7870 of the affected device. What can you do? ================ There is a patch. [1] What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTBi0oAAoJEPpzpNLI8SVo8a8QAL9WvLyRBFQEVPytHr2Yi7nA PMrspQ5qCoDtk+25qWQP22CHioYcb6L0Kd70Oe7vFR+6RmdpbHV6CEMlOM2qJcny tTkni59MnWCt9jjUFITI+oPfai48GtBQvEMVeZTAzmQ4+IZ3IJQROSYAerlTP5g5 0OJWmCVDb8Y7kELzMScMFuFI+pS7mLHL7qPGZ1j5iq1D9mNEaX1EMD02my3ZHEMk fVQAAug6+tffp6u2zvaxy39SMgnb594QWJ9X7awmazCxqfsNOu3jGefyApHdbpub KeuUOXGJHFbJdJkvRE0tIRfd0NFgPclYFZEgZHq9ms+35VQdLjqBeugnIDVw1NXy iBWYCgmT8X0B/9oAruKMJpuJVLlWY9uEatoj7gzNwdLko9VMHdAw7cwPwqnZg22V T6Y4R3zaIEI3+tMqVXsNMBEB3OR5hUtQ0YorCkpIpsEetXXhXA5+qq17nPCQ5j54 Spf0cVcMaNCEY8GU5EnzDNPeyX7WcVXQs3ZVWkVrFyd21QiZ+h+CDg1Kol/2tPLy WG3bHfdKB1wPb9+4l5H29WP2TOwxLwfEtlrFu09KEUhvs1xIC8fFSmYRKIqhCREE WQ0n9EGa6rW3TzbjizjEJo4vrCkFAP/MdaRg3/W+GPiepwRxtfWjxqYGbDTBvtva XSUb/EXGOqV0sc/BvmsK =x+SW -----END PGP SIGNATURE-----