I just tested this:
UC320 can be penetrated with faked ICMP entries in the NAT table, which can be triggered at any time from the internet to enter the LAN behind it.
Thus, a virus can set up the faked NAT entries from "local inside", and a virus-controller can enter the LAN by triggering those false NAT-entries at "global inside" from "global outside".
Are there any plans to fix this?
UC320 has never been sold as a robust security device. Cisco has been recommending it as an easy and affordable IP PBX for very small deployments. There exists a best practice deployment guide for a more secure solution. Please refer below:
For best practices for small business security devices, refer below:
So it's Cisco's position that in a greyfield deployment this poses no security threat? Even when set up for remote administration?
Wireshark my host and UC320W:
6 0.999650000 192.168.10.11 192.168.10.1 HTTP 494 GET /admin/pbxstatus.xml?instance=&xuser=admin&xpassword=MYPASSWORD&xsession=1385551665136@@688 HTTP/1.1
MYPASSWORD - TX in clear text! COOL! It's really secure and safe!
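A defender-side check for the exposure shown in the capture above, as an added example that is not part of the original thread: it scans capture-summary lines for credential-like query parameters and redacts their values before the finding is logged. The parameter-name pattern, the function names and the sample lines (with a placeholder password) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credential-bearing (assumed list; extend per application).
SENSITIVE = re.compile(r"(pass(word|wd)?|pwd|secret|token|session)", re.I)
REQUEST_LINE = re.compile(r"\b(GET|POST|PUT|DELETE|HEAD)\s+(\S+)\s+HTTP/\d\.\d")

SAMPLE = [  # constructed lines in the capture-summary layout shown above
    "6 0.999650000 192.168.10.11 192.168.10.1 HTTP 494 GET /admin/pbxstatus.xml"
    "?instance=&xuser=admin&xpassword=EXAMPLE-PW&xsession=1385551665136@@688 HTTP/1.1",
    "9 1.204110000 192.168.10.11 192.168.10.1 HTTP 310 GET /admin/index.html HTTP/1.1",
    "12 1.530020000 192.168.10.11 192.168.10.1 TCP 66 51514 > 80 [ACK] Seq=1 Ack=1",
]

def find_credential_params(line):
    """Return (method, path, [sensitive parameter names]) for one line, or None."""
    m = REQUEST_LINE.search(line)
    if not m:
        return None  # not an HTTP request summary
    method, target = m.groups()
    parts = urlsplit(target)
    names = [k for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if SENSITIVE.search(k) and v]
    return (method, parts.path, names) if names else None

def redact(line):
    """Mask the values of sensitive parameters so the evidence is safe to store."""
    def mask(m):
        if SENSITIVE.search(m.group(1)):
            return m.group(1) + "=<redacted>"
        return m.group(0)
    return re.sub(r"([?&]?[\w.-]+)=([^&\s]*)", mask, line)

def scan(lines):
    """Collect one finding per request that carries credentials in its URL."""
    findings = []
    for line in lines:
        hit = find_credential_params(line)
        if hit:
            findings.append({"method": hit[0], "path": hit[1],
                             "params": hit[2], "evidence": redact(line)})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["method"], f["path"], f["params"])
        print("  ", f["evidence"])
```
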
There are better security problems than that! You can rewrite any file on the filesystem as root fairly trivially. Especially handy for /etc/passwd.
We were aware of the vulnerability. Since this only exists from the LAN side that faces the customer, we rationalized that the exposure to a "friendlier" audience from within the company was tolerable.