Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability

ID CISCO-SA-20140221-CVE-2014-0737
Type cisco
Reporter Cisco
Modified 2014-02-21T15:16:03


A vulnerability in Certificate Trust List (CTL) authentication of Cisco third-generation IP phones could allow an unauthenticated, remote attacker to inject a crafted CTL file to the IP phone.

The vulnerability is due to insufficient authentication of the CTL file. An attacker could exploit this vulnerability by injecting a crafted CTL file to the phone. An exploit could allow the attacker to cause the phone to trust systems under the attacker's control.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker may require access to trusted, internal networks to inject a crafted CTL file to a targeted device. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.