A vulnerability in Certificate Trust List (CTL) authentication of Cisco third-generation IP phones could allow an unauthenticated, remote attacker to inject a crafted CTL file to the IP phone.
The vulnerability is due to insufficient authentication of the CTL file. An attacker could exploit this vulnerability by injecting a crafted CTL file to the phone. An exploit could allow the attacker to cause the phone to trust systems under the attacker's control.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to inject a crafted CTL file to a targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.