Vigil@nce - Cisco Unified IP Phone 8900/9900: privilege escalation via SUID
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use a SUID program on Cisco Unified
IP Phone 8900/9900 to escalate privileges.
Impacted products: Cisco IP Phone
Severity: 2/4
Creation date: 13/11/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and
Cisco Unified IP Phone 8961 products support memory block devices.
However, access permissions on these devices are not restricted. A
local attacker can therefore mount such a device as a filesystem
that contains a SUID root program.
An authenticated attacker can thus use a SUID program on
Cisco Unified IP Phone 8900/9900 to escalate privileges.
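
The two conditions described above (block devices with unrestricted permissions, and mounts that honour SUID bits) can be audited on a generic Linux-style host; the sketch below is an added example, not code from the bulletin or from Cisco. It assumes the /proc/mounts line format, and all sample data and function names are constructed for illustration.

```python
import stat

# Constructed sample data (not taken from any real device).
SAMPLE_MOUNTS = """\
/dev/root / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/ram1 /mnt/scratch ext2 rw,relatime 0 0
/dev/sda1 /media/usb vfat rw,nosuid,nodev,noexec 0 0
"""
SAMPLE_NODES = [  # (path, st_mode) pairs as os.stat() would report them
    ("/dev/ram0", stat.S_IFBLK | 0o660),
    ("/dev/ram1", stat.S_IFBLK | 0o666),
    ("/dev/null", stat.S_IFCHR | 0o666),
]

def mounts_honouring_suid(mounts_text, trusted=("/",)):
    """Return (device, mountpoint) pairs mounted without 'nosuid',
    ignoring mount points the operator lists as trusted."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or blank lines
        device, mountpoint, _fstype, options = fields[:4]
        if mountpoint in trusted:
            continue
        if "nosuid" not in options.split(","):
            findings.append((device, mountpoint))
    return findings

def loosely_permissioned_block_devices(nodes):
    """Return block-device paths readable or writable by 'other'."""
    return [path for path, mode in nodes
            if stat.S_ISBLK(mode) and mode & (stat.S_IROTH | stat.S_IWOTH)]

def audit(mounts_text, nodes):
    """Correlate both checks; a device in 'both' matches the bulletin's pattern."""
    loose = set(loosely_permissioned_block_devices(nodes))
    suid = mounts_honouring_suid(mounts_text)
    return {
        "world_accessible_block_devices": sorted(loose),
        "mounts_without_nosuid": suid,
        "both": sorted(dev for dev, _ in suid if dev in loose),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MOUNTS, SAMPLE_NODES).items():
        print(key, value)
```

On a live host, the inputs would come from reading /proc/mounts and calling os.stat() on the entries under /dev.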