cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2692
Views
1
Helpful
6
Replies

UC320 - security leak

roland.schaffer
Level 1
Level 1

Hi there!

I just tested this:

uc320 can be penetrated with faked icmp entries in the NAT table, which can be triggered at any time from the internet to enter the LAN behind it.

Thus, a virus can set up the faked NAT entries from "local inside", and a virus-controller can enter the LAN by triggering those false NAT-entries at "global inside" from "global outside".

Are there any plans to fix this?

regards,

Roland

6 Replies 6

kvarshne
Level 1
Level 1

Dear Roland

UC320 has never been sold as a robust security device. Cisco has been recommending it for easy and affordable IP PBX for very small deployment. There exists a best practice deployment guide for more secure solution. Please refer below:

http://tools.cisco.com/s2slv2/ViewDocument?docName=EXT-AS-370391

For best practices for small business security devices, refer below:

http://www.cisco.com/web/partners/sell/smb/tools_and_resources/small_business_network_foundation.html

Best regards

So its cisco's position that in a greyfield deployment this poses no security threat? Even when setup for remote administration?

Thank you

Jonathan

ha ha

Wireshark my host and UC320W:

===

6    0.999650000    192.168.10.11    192.168.10.1    HTTP    494    GET /admin/pbxstatus.xml?instance=&xuser=admin&xpassword=MYPASSWORD&xsession=1385551665136@@688 HTTP/1.1

===

MYPASSWORD - TX in open type! COOL! It's really surely and safety!

There are better security problems than that!.. You can rewrite any file on the filesystem as root fairly trivially. Especially handy for /etc/passwd..

Hi Efim,

We were aware of the vulnerability.since this only exists from the LAN side that faces the customer,we rationalized that the exposure to a "friendlier" audience from within the company was tolerable.

Regards,

Nima

Insiders? no, not heard