Cisco Bug: CSCvm49157 - Cisco SPA112 Series IP Phones Certificate Validation Vulnerability

Last Modified

Mar 28, 2019

Products (1)

  • Cisco Small Business Voice Gateways and ATAs

Known Affected Releases

1.4.2

Description (partial)

Symptom:
A vulnerability in the certificate handling component of the Cisco SPA112 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a TLS-encrypted SIP conversation.

The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs

Conditions:
Please refer to the Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
