11-15-2021 05:12 PM
Hi Guys,
Recently our security team pointed out that our 7861 and 8832 IP phones deemed as vulnerable. The vulnerability details was Sweet32 (https://sweet32.info/). The remarks said that "Disable and stop using DES, 3DES, IDEA or RC2 ciphers.".
So I did a test with some of the IP phones in my deployment, by setting the 'Disable TLS Ciphers' value on each phone to option 7 (the bottom one). Well, to my surprise, the latest report said that the 7861 phones are fixed, but not with 8832.
After further checking, both phone types are basically runs with the same software version, sip78xx.12-8-1-0001-455 for 7861 and sip8832.12-8-1-0001-455 for 8832. The software is quite new, release back in 2020, not really outdated. But, I found out that the value on option 7 is different. On 7861 it has 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SAH384', while on 8832 it has 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256'.
Any idea on how to fix the vulnerability? Anyone experienced the same issue? Thanks.
Solved! Go to Solution.
04-04-2022 07:32 PM
Hi Vinod,
Yes I did. Found it accidentally. On the phone settings, go to the bottom of the page. On "Disable TLS Ciphers" section, select all the items except None. Click save then apply config. Restart your phone to make sure none of the operational is disrupted by the changes you just performed. It solved my issue.
11-16-2021 02:44 AM
Have you tried, Firmware 14.0(1)SR2 for 8832.
11-17-2021 09:08 PM
Hi Nithin,
I just upgraded to version 14.0(1)SR2 today. So far the TLS version on option 7 is the same. Gonna wait for the latest security report next Monday to see the result.
11-24-2021 11:43 PM
Hi,
I tried to upgrade the phone to its latest OS release. But still got the vulnerability detected. Maybe Cisco has not released the patch yet for 8832? It's kind of strange since they have released the patch for 7861.
03-21-2022 07:51 AM
have you received any solution for this VA .
Regards
Vinod
04-04-2022 07:32 PM
Hi Vinod,
Yes I did. Found it accidentally. On the phone settings, go to the bottom of the page. On "Disable TLS Ciphers" section, select all the items except None. Click save then apply config. Restart your phone to make sure none of the operational is disrupted by the changes you just performed. It solved my issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide