• Cisco IP Phones Vulnerable to Eavesdropping

    Posted on April 30, 2015 by in News

    Some of Cisco’s IP phones designed by for small businesses are plagued by a vulnerability that allows a remote attacker to eavesdrop on conversations and make phone calls from the affected devices.  The unauthenticated remote dial vulnerability affects version 7.5.5 and possibly later versions of Cisco Small Business SPA300 and SPA500 series IP phones.

    The malicious actors could obtain sensitive information by listening in on audio streams from the device, as well as leverage the bug to make phone calls remotely from a vulnerable phone. A successful exploit could also be used to conduct further attacks.

    Learn more about the vulernability here.