Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2006-0009
Type: Vulnerability
Status: Candidate
Classification:
Denial of Service
Information Disclosure
Description:
The Cisco 7920 802.11b VOIP contains an open UDP port used for remote debugging.
Discussion:
The Cisco 7920 is vulnerable to remote attack via an open UDP port. The device is shipped with UDP port 17185 open. This port is used by the VxWorks remote debugger to allow developers to debug the device remotely from a development machine. As such, it provides access to a great deal of information contained in the device.
Because of this it may be possible for an attacker to remotely gather information from the device or mount a denial of service (DoS) attack against the device by issuing debugging commands.
All firmware versions 2.0 and less are vulnerable. Cisco has provided a fix for this issue which can be obtained by following the information available in the cited advisory.
Credits
Author:
Shawn
Merdinger
(shawnmer@gmail.com)
: None
References
URL:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
Released: 2005-11-16
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Mon Jan 30 13:59:26 -0800 2006
Candidate Date: Wed Feb 01 10:22:20 -0800 2006
