Cisco has issued a security alert warning users of several of its voice over Internet Protocol (VoIP) phones that a flaw in the products could allow hackers to listen in on users’ conversations.
The company said the products at risk are the Cisco Small Business SPA series 300 and series 500 IP phones.
A vulnerability in the machines “could allow an unauthenticated remote attacker to listen to the audio stream” of the phones, according to Cisco. Software updates are not available at this time.
“The vulnerability is due to improper authentication settings in the default configuration,” a warning from the company said. “An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream of make phone calls remotely.”
Source: http://ift.tt/19NemNF
from hacker samurai http://ift.tt/19Nem0m
via IFTTT
No comments:
Post a Comment