Cisco IP Phones Have a Huge Security Risk

Cisco IP Phones Default Account Grants Remote Access and Subsequent Privilege Escalation SecurityTracker Alert ID: 1017681 SecurityTracker URL:

CVE Reference: CVE-2007-1063 (Links to External Site) Updated: Feb 22 2007 Original Entry Date: Feb 21 2007 Impact: Root access via local system, User access via network Fix Available: Yes Vendor Confirmed: Yes Advisory: Cisco Security Advisory Version(s): 8.0(4)SR1 and prior; models 7906G, 7911G, 7941G, 7961G,

7970G, and 7971G Description: A vulnerability was reported in Cisco IP Phones. A remote user can access a default account on the target device. The user can then obtain elevated privileges on the target device.

A remote user can access the target device via SSH and use a hard-coded default user account and password to gain access to the target device. Once access has been obtained, the user can invoke commands to elevate their privileges and gain full administrative access.

The default user account can not be disabled or removed and the password cannot be change. The SSH server cannot be disabled.

The following models are affected:

7906G, 7911G, 7941G, 7961G, 7970G, and 7971G

The following models are not affected:

7902G, 7905, 7905G, 7910, 7912, 7912G, 7920, 7921G, 7940, 7960, and 7985.

Cisco has assigned Cisco Bug ID CSCsg34758 to the remote access vulnerability and Cisco Bug IDs CSCsg34789 and CSCsg42627 to the privilege escalation vulnerability.

Cisco discovered these vulnerabilities.

Impact: A remote user can gain access to the target device and then gain elevated privileges on the target device. Solution: The vendor has issued fixed firmware (8.0(4)SR2, 8.2(1)), available at:

The Cisco advisory is available at:

Vendor URL: (Links to External Site) Cause: Access control error Reported By: Cisco Systems Product Security Incident Response Team

Message History: None.