Cisco IP Phones Default Account Grants Remote Access and Subsequent Privilege Escalation SecurityTracker Alert ID: 1017681 SecurityTracker URL:
A remote user can access the target device via SSH and use a hard-coded default user account and password to gain access to the target device. Once access has been obtained, the user can invoke commands to elevate their privileges and gain full administrative access.
The default user account can not be disabled or removed and the password cannot be change. The SSH server cannot be disabled.
The following models are affected:
7906G, 7911G, 7941G, 7961G, 7970G, and 7971GThe following models are not affected:
7902G, 7905, 7905G, 7910, 7912, 7912G, 7920, 7921G, 7940, 7960, and 7985.Cisco has assigned Cisco Bug ID CSCsg34758 to the remote access vulnerability and Cisco Bug IDs CSCsg34789 and CSCsg42627 to the privilege escalation vulnerability.
Cisco discovered these vulnerabilities.
Impact: A remote user can gain access to the target device and then gain elevated privileges on the target device. Solution: The vendor has issued fixed firmware (8.0(4)SR2, 8.2(1)), available at:
Message History: None.