
Cisco Security Advisories - AnyConnect Client and 7900 Series Phones

Cisco released a couple of severe security advisories last week that are worth taking a look at if you use either the Cisco AnyConnect Secure Mobility Client software or Cisco 7900 Series IP Phones. I'll try to break them down in plain English below to help you see if you are vulnerable.

Cisco AnyConnect Secure Mobility Client Vulnerability

The Cisco AnyConnect Secure Mobility Client is a VPN client application that can be used to connect to an ASA with IPsec or SSL. If a user does not have the AnyConnect client installed on their system, the ASA can send it to them for installation just prior to connecting. This is done when the user accesses a website and establishes an SSL connection with the VPN headend (logs in on the web page). Once the user clicks the "Start AnyConnect" link, it downloads a "Helper" application, which is basically a Java applet that does the download and install for the user. This is all fine and dandy if the user actually connects to the real VPN login page.

The problem arises if a malicious person creates a fake web page and lures an unsuspecting user into logging in to that site. They could then instruct the helper to download malware instead of a VPN client and thereby PWN the end-user station.

At this point, you might be wondering: what's vulnerable?

These versions are vulnerable:

  • Microsoft Windows version 2.3.185
  • Linux, Apple Mac OS X versions 2.5.3041 and 3.0.629

You should upgrade to one of the following versions to fix it:

  • 2.5.3041
  • 3.0.1047

The official advisory can be found here.

Cisco 7900 Series IP Phone Vulnerability

There are a ton of 7900 series phones out there. Many different versions have been created over the years. If you support a VoIP environment with Cisco IP Phones, read on, my friend.

There are essentially a couple of ways users can get admin-level access on these phones. One of these ways is to run the superuser command on the phone, elevating their access to a privileged level. This could allow an attacker to view configuration information or make changes to the phone. Theoretically, a malicious user could use this information to wage a cyber attack against your company, but it's a stretch. Nonetheless, we should be vigilant and patch this sort of stuff to preserve a secure environment.

What's Vulnerable? 

The following Cisco Unified IP Phone devices are affected:

  • Cisco Unified IP Phone 7975G
  • Cisco Unified IP Phone 7971G-GE
  • Cisco Unified IP Phone 7970G
  • Cisco Unified IP Phone 7965G
  • Cisco Unified IP Phone 7962G
  • Cisco Unified IP Phone 7961G
  • Cisco Unified IP Phone 7961G-GE
  • Cisco Unified IP Phone 7945G
  • Cisco Unified IP Phone 7942G
  • Cisco Unified IP Phone 7941G
  • Cisco Unified IP Phone 7941G-GE
  • Cisco Unified IP Phone 7931G
  • Cisco Unified IP Phone 7911G
  • Cisco Unified IP Phone 7906

What version do these systems need to be upgraded to in order to fix this issue?

I'd shoot for version 9.2.1

The official advisory can be found here.
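
A quick way to check a phone inventory against the model list and the 9.2.1 target above. This is an added example, not part of the original post or any Cisco tooling. The inventory rows, the firmware string formats and the rule "listed model below 9.2.1 means upgrade" are assumptions made for illustration.

```python
import re

# Affected models, copied from the list in this post.
AFFECTED_MODELS = {
    "7975G", "7971G-GE", "7970G", "7965G", "7962G", "7961G", "7961G-GE",
    "7945G", "7942G", "7941G", "7941G-GE", "7931G", "7911G", "7906",
}
TARGET = (9, 2, 1)  # upgrade target named in the post

def normalize_model(text):
    """Pull a 79xx model token out of a free-form model field, or None."""
    m = re.search(r"\b79\d{2}(?:G(?:-GE)?)?", text.upper())
    return m.group(0) if m else None

def parse_version(text):
    """Parse '9.2.1', '9.2(1)' or '9-2-1' (assumed export formats) to a tuple.

    Returns None for anything else so the device is reviewed by hand
    instead of being silently treated as patched.
    """
    m = re.fullmatch(r"(\d+)[.\-(](\d+)(?:[.\-(](\d+)\)?)?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit(rows):
    """Map each device name to: not-listed, check-manually, upgrade or ok."""
    result = {}
    for name, model_field, firmware in rows:
        if normalize_model(model_field) not in AFFECTED_MODELS:
            result[name] = "not-listed"
            continue
        version = parse_version(firmware)
        if version is None:
            result[name] = "check-manually"
        else:
            result[name] = "upgrade" if version < TARGET else "ok"
    return result

# Constructed sample inventory: (device name, model field, firmware field).
INVENTORY = [
    ("lobby-1", "Cisco Unified IP Phone 7975G", "9.2.1"),
    ("desk-14", "CP-7962G", "8.5(4)"),
    ("conf-2", "7941G-GE", "9-0-3"),
    ("desk-20", "Cisco 8845", "12.0.1"),
    ("lab-3", "7911G", "unknown"),
]

if __name__ == "__main__":
    for device, status in audit(INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as check-manually have a firmware field the parser does not recognise and should be verified on the phone itself.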
