UC320 - security leak

roland.schaffer
Level 1

Hi there!

I just tested this:

The UC320 can be penetrated with faked ICMP entries in the NAT table, which can be triggered at any time from the internet to enter the LAN behind it.

Thus, a virus can set up the faked NAT entries from "local inside", and a virus-controller can enter the LAN by triggering those false NAT-entries at "global inside" from "global outside".

Are there any plans to fix this?

regards,

Roland

6 Replies

kvarshne
Level 1

Dear Roland

UC320 has never been sold as a robust security device. Cisco has been recommending it as an easy and affordable IP PBX for very small deployments. There exists a best practice deployment guide for a more secure solution. Please refer below:

http://tools.cisco.com/s2slv2/ViewDocument?docName=EXT-AS-370391

For best practices for small business security devices, refer below:

http://www.cisco.com/web/partners/sell/smb/tools_and_resources/small_business_network_foundation.html

Best regards

So it's Cisco's position that in a greyfield deployment this poses no security threat? Even when set up for remote administration?

Thank you

Jonathan

ha ha

Wireshark my host and UC320W:

===

6    0.999650000    192.168.10.11    192.168.10.1    HTTP    494    GET /admin/pbxstatus.xml?instance=&xuser=admin&xpassword=MYPASSWORD&xsession=1385551665136@@688 HTTP/1.1

===

MYPASSWORD - TX in the open! COOL! It's really secure and safe!
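Added example, not from any post in this thread: a small Python scanner that flags credentials sent in HTTP GET query strings, the way the capture above shows `xpassword` going to `/admin/pbxstatus.xml`. It runs over constructed Wireshark-style packet-list lines (frame, time, source, destination, protocol, length, info) modelled on the quoted one, reports which parameters leak a secret, and produces a redacted URI that is safe to write to a log. The parameter-name pattern and the sample lines are my own assumptions; only `xpassword` and `xsession` come from the thread.

```python
"""Flag credentials carried in HTTP GET query strings (editorial example).

Input is the Wireshark packet-list summary format quoted in the thread:
frame no, time, source, destination, protocol, length, info.
"""
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names that commonly carry secrets or bearer-like session ids.
# 'xpassword' and 'xsession' are the UC320 admin-page names seen in the capture;
# the remaining names are generic guesses, not taken from the device.
SENSITIVE_PARAM_RE = re.compile(r"pass(word|wd)?|pwd|secret|token|session|api_?key", re.I)

# Constructed Wireshark-style lines (not captured from a real device).
# Columns are separated by runs of spaces, as in the quoted capture.
SAMPLE_LINES = [
    "6    0.999650000    192.168.10.11    192.168.10.1    HTTP    494    "
    "GET /admin/pbxstatus.xml?instance=&xuser=admin&xpassword=MYPASSWORD&xsession=1385551665136@@688 HTTP/1.1",
    "7    1.002310000    192.168.10.11    192.168.10.1    HTTP    312    GET /admin/index.html HTTP/1.1",
    "8    1.100000000    192.168.10.1    192.168.10.11    HTTP    200    HTTP/1.1 200 OK (text/xml)",
    "9    1.200000000    192.168.10.11    192.168.10.1    HTTP    410    POST /admin/login.cgi HTTP/1.1",
]

REQUEST_RE = re.compile(r"^(GET|POST|PUT|DELETE|HEAD)\s+(\S+)\s+HTTP/\d\.\d")


def parse_summary_line(line):
    """Split a packet-list line into columns; return None unless it is an HTTP request."""
    fields = re.split(r"\t+| {2,}", line.strip())
    if len(fields) < 7 or fields[4] != "HTTP":
        return None
    m = REQUEST_RE.match(fields[6])
    if not m:
        return None  # a response line, not a request
    return {"frame": fields[0], "src": fields[2], "dst": fields[3],
            "method": m.group(1), "uri": m.group(2)}


def find_leaked_params(uri):
    """Names of query parameters that look like credentials and carry a non-empty value."""
    query = urlsplit(uri).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if value and SENSITIVE_PARAM_RE.search(name)]


def redact_uri(uri):
    """Replace sensitive parameter values with a marker so the URI can be logged."""
    parts = urlsplit(uri)
    pairs = [(n, "REDACTED" if v and SENSITIVE_PARAM_RE.search(n) else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="@")))


def scan(lines):
    """One finding per request whose query string carries a credential-like value."""
    findings = []
    for line in lines:
        req = parse_summary_line(line)
        if req is None:
            continue
        leaked = find_leaked_params(req["uri"])
        if leaked:
            findings.append({"frame": req["frame"], "src": req["src"], "dst": req["dst"],
                             "params": leaked, "redacted_uri": redact_uri(req["uri"])})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"frame {f['frame']} {f['src']} -> {f['dst']}: "
              f"secret params {f['params']} in {f['redacted_uri']}")
```

On the sample input only frame 6 is reported, with `xpassword` and `xsession` named and both values replaced in the redacted URI; the plain `GET /admin/index.html`, the response line and the POST produce nothing. The same `scan()` works on a Wireshark "Export Packet Dissections as Plain Text" file read line by line.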

There are better security problems than that! You can rewrite any file on the filesystem as root fairly trivially. Especially handy for /etc/passwd.

Hi Efim,

We were aware of the vulnerability. Since this only exists from the LAN side that faces the customer, we rationalized that the exposure to a "friendlier" audience from within the company was tolerable.

Regards,

Nima

Insiders? No, not heard.
