04-07-2017 08:23 AM - edited 03-19-2019 12:18 PM
All,
besides the third party applications is there anything that one can develop natively on CUCM to remotely factory reset a phone or erase CTL/ITL files?
Solved! Go to Solution.
04-08-2017 11:07 AM
The third-party apps exploit a hole in the ITL logic to do this: the phone will continue using the most recent XML file it saved to flash that was digitally signed by a member of the ITL it also has saved in flash memory. That XML file has the IP/DNS FQDN of the CUCM nodes it was supposed to register to. After it rejects the newer XML file for failing the digital signature check, it attempts to register to the CUCM nodes defined in the local file.
IF it can register successful then there is an opening for the third-party apps to exploit: you can pass XML SDK commands over CTI to CUCM (assuming the Application User of the CTI-connected application has control over the phone). CTI Manager will relay these commands to the phone, which bypasses the Authentication URL and ITL/TVS. Same commands, just a different approach vector.
The caveat of this approach is that the phone must register to CUCM using the IP/DNS FQDN in it's local flash. If it cannot do this then you have no method to do this remotely.
This is where I pass you off to DevNet as Jaime suggested. You would need to write a program that leverages CTI and the phone XML SDK. Good luck!
04-07-2017 08:58 AM
Might want to ask in DevNet
04-08-2017 11:07 AM
The third-party apps exploit a hole in the ITL logic to do this: the phone will continue using the most recent XML file it saved to flash that was digitally signed by a member of the ITL it also has saved in flash memory. That XML file has the IP/DNS FQDN of the CUCM nodes it was supposed to register to. After it rejects the newer XML file for failing the digital signature check, it attempts to register to the CUCM nodes defined in the local file.
IF it can register successful then there is an opening for the third-party apps to exploit: you can pass XML SDK commands over CTI to CUCM (assuming the Application User of the CTI-connected application has control over the phone). CTI Manager will relay these commands to the phone, which bypasses the Authentication URL and ITL/TVS. Same commands, just a different approach vector.
The caveat of this approach is that the phone must register to CUCM using the IP/DNS FQDN in it's local flash. If it cannot do this then you have no method to do this remotely.
This is where I pass you off to DevNet as Jaime suggested. You would need to write a program that leverages CTI and the phone XML SDK. Good luck!
04-12-2017 10:46 AM
Very thorough response Jonathan, thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide