Cisco Bug: CSCvm49157 - Cisco SPA112 Series IP Phones Certificate Validation Vulnerability
Mar 28, 2019
- Cisco Small Business Voice Gateways and ATAs
Known Affected Releases
Symptom: A vulnerability in the certificate handling component of the Cisco SPA112 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a TLS encrypted SIP conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS encrypted traffic and potentially route or redirect calls initiated by an affected device.
This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs
Conditions: Please refer to the Security Advisory.