I have been audited by a network security company, and the results showed that the IP phone model 3905 has a security vulnerability.
Here is the description of the vulnerability:
Port: 7870
Vulnerability Name: BusyBox Built-in Shell
Vulnerability Risk: High
This host allows unrestricted access to the BusyBox built-in shell. This shell provides a variety of remote management features for Linux based OSes.
An attacker can obtain information from this host which could be used to further compromise this or other hosts on the network. Additionally, an attacker may be able to use this access to reconfigure this host.
Disable the BusyBox built-in shell unless it is specifically required for business purposes. If the BusyBox built-in shell is required, restrict access to it to authorized hosts only via host or network based access controls.
Cisco IP Phone Model: 3905
Firmware version: 3905.9-2-1-0
I have done some research, but I didn't find any useful information on how to mitigate this vulnerability or how to disable the BusyBox built-in shell in the phone.
As far as I could understand and find out, the BusyBox built-in shell is a Linux feature, and I am not sure why the scanner is picking it up on an IP phone. Has the auditor been able to pick up the same feature in any other Cisco IP Phone model too?
Now, to ensure the safety of your network from any malicious attack attempts, follow the leading practice recommendations to lock down a phone from the CUCM phone webpage (settings access, PC voice VLAN, SSH disable, etc.) and from the network by not allowing any traffic except from phone to UC servers and vice versa. All in all, lock down the device and ensure that nothing except what should have access to the voice VLAN is part of the user access layer.
I would recommend reading Chapters 6, 7, 9, and 15 of Securing Cisco IP Telephony Networks.
Yes, I found that the BusyBox built-in shell is a Linux feature. I'm not a Linux expert, I just know the basics. After some research I couldn't find anything related to this phone or why the scanner detects it as a threat. The auditor detected this threat only on IP phones of the 3905 model.
I will perform your recommendations. I hope to comply with the security requirements in the next network scan.
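
An added example, not part of the original thread: a re-check to run from a host in the user access VLAN once the lockdown is in place, confirming before the next scan that TCP 7870 on each 3905 no longer accepts connections. Phone addresses are passed on the command line; the function names are this example's own.

```python
import errno
import socket
import sys

BUSYBOX_PORT = 7870  # port named in the scan finding


def probe(host, port=BUSYBOX_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed: the finding is still present
    closed   - host answered with a reset: service disabled or rejected
    filtered - no answer or unreachable: an ACL/firewall is dropping it
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except OSError:  # timeouts and unreachable-network errors
        return "filtered"
    finally:
        s.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "filtered"


def audit(phones, port=BUSYBOX_PORT, timeout=2.0):
    """Probe every phone address and return {address: state}."""
    return {ip: probe(ip, port, timeout) for ip in phones}


def still_exposed(results):
    """Addresses on which the port is still reachable."""
    return sorted(ip for ip, state in results.items() if state == "open")


if __name__ == "__main__":
    results = audit(sys.argv[1:])
    for ip, state in sorted(results.items()):
        print(f"{ip}:{BUSYBOX_PORT} {state}")
    # Non-zero exit so the check can gate a change ticket or a cron report.
    sys.exit(1 if still_exposed(results) else 0)
```

A "filtered" result from the user VLAN combined with "open" from an authorized management host is the outcome the scanner's remediation text describes.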