First page Back Continue Last page Graphics
Configuration Disclosure: Device
Vulnerability:
- Hard-phones provide management interfaces
- VXWorks remote debugging and console port open
Attack:
- Point a browser at the device on port 80
- SNMP-walk the device
- Attach a remote VXWorks debugger
Effect:
- Disclosure of sensitive information such as:
- Usernames / Passwords
- Call Server, Gateway, Registration Server, etc.
- Available VoIP services
- Device internals