﻿{"id":314,"date":"2018-08-02T14:58:05","date_gmt":"2018-08-02T19:58:05","guid":{"rendered":"https:\/\/www.uv.mx\/csirt\/?p=314"},"modified":"2018-08-02T15:01:57","modified_gmt":"2018-08-02T20:01:57","slug":"vulnerabilidad-cisco-ip-phone","status":"publish","type":"post","link":"https:\/\/www.uv.mx\/csirt\/boletines\/vulnerabilidad-cisco-ip-phone\/","title":{"rendered":"Vulnerabilidad Cisco IP Phone"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-321\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/boletin-telefonos-cisco-ago-2-300x103.jpg\" alt=\"\" width=\"600\" height=\"206\" srcset=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/boletin-telefonos-cisco-ago-2-300x103.jpg 300w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/boletin-telefonos-cisco-ago-2-768x264.jpg 768w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/boletin-telefonos-cisco-ago-2.jpg 930w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>02\/08\/2018<\/p>\n<p><strong>Bolet\u00edn de seguridad inform\u00e1tica<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Vulnerabilidad Cisco IP Phone<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Descripci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Cisco ha dado a conocer una vulnerabilidad en sus productos de telefon\u00eda IP que\u00a0afecta la interfaz de usuario basada en la\u00a0web para la serie 6800, 7800 y 800, \u00e9ste agujero de seguridad\u00a0podr\u00eda a un atacante autenticarse remotamente y realizar inyecci\u00f3n de comandos que le permitan tener privilegios del servidor web.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Recursos:<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li>IP Phone 6800 Series con Firmware multiplataforma<\/li>\n<li>IP Phone 7800 Series con Firmware multiplataforma<\/li>\n<li>IP Phone 8800 Series con Firmware multiplataforma<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Soluci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Al considerar las actualizaciones, Cisco aconseja a los clientes que consulten regularmente los avisos de los productos, disponibles en su p\u00e1gina para determinar la exposici\u00f3n y una soluci\u00f3n de actualizaci\u00f3n<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Para mas informaci\u00f3n:<\/p>\n<p><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180711-phone-webui-inject?vs_f=Cisco%20Security%20Advisory&amp;vs_cat=Security%20Intelligence&amp;vs_type=RSS&amp;vs_p=Cisco%20IP%20Phone%206800,%207800,%20and%208800%20Series%20with%20Multiplatform%20Firmware%20Web%20UI%20Command%20Injection%20Vulnerability&amp;vs_k=1#vp\">https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180711-phone-webui-inject?vs_f=Cisco%20Security%20Advisory&amp;vs_cat=Security%20Intelligence&amp;vs_type=RSS&amp;vs_p=Cisco%20IP%20Phone%206800,%207800,%20and%208800%20Series%20with%20Multiplatform%20Firmware%20Web%20UI%20Command%20Injection%20Vulnerability&amp;vs_k=1#vp<\/a><\/p>\n<table width=\"90%\">\n<tbody>\n<tr>\n<td>\n<p><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180711-phone-webui-inject?vs_f=Cisco%20Security%20Advisory&amp;vs_cat=Security%20Intelligence&amp;vs_type=RSS&amp;vs_p=Cisco%20IP%20Phone%206800,%207800,%20and%208800%20Series%20with%20Multiplatform%20Firmware%20Web%20UI%20Command%20Injection%20Vulnerability&amp;vs_k=1#vp\">Cisco Security Advisory: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability<\/a><\/p>\n<p>tools.cisco.com<\/p>\n<p>A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180711-phone-webui-inject<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>La disponibilidad de las actualizaciones se pueden encontrar en el centro de software de Cisco en la siguiente p\u00e1gina, dirigirse a Productos &gt; Collaboration Endpoint &gt; Tel\u00e9fonos IP &gt; Tel\u00e9fonos IP con Firmware multiplataforma.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/software.cisco.com\/download\/home\">https:\/\/software.cisco.com\/download\/home<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Ante cualquier duda o aclaraci\u00f3n comun\u00edcate con el CSIRTUV a las extensiones 11505, 11532 y 11564 o al correo contactocsirt@uv.mx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; 02\/08\/2018 Bolet\u00edn de seguridad inform\u00e1tica &nbsp; &nbsp; Vulnerabilidad Cisco IP Phone \u00a0 Descripci\u00f3n: &nbsp; Cisco ha dado a conocer una vulnerabilidad en sus productos de telefon\u00eda IP que\u00a0afecta la interfaz de usuario basada en la\u00a0web para la serie 6800, 7800 y 800, \u00e9ste agujero de seguridad\u00a0podr\u00eda a un atacante autenticarse remotamente y realizar [&hellip;]<\/p>\n","protected":false},"author":2037,"featured_media":321,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ventana_nueva":"","tipo_url":"","url":"","extracto":"","imagen_halign":"","imagen_valign":"","bg_size":"","text_hide":"","media_url":"","tipo_media":"","video_url":"","video_pos":"","video_youtube":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-boletines"],"_links":{"self":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/users\/2037"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/comments?post=314"}],"version-history":[{"count":0,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/314\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media\/321"}],"wp:attachment":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media?parent=314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/categories?post=314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/tags?post=314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}