Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability

2011-06-09T00:00:00
ID 1337DAY-ID-16286
Type zdt
Reporter Yakir Wizman
Modified 2011-06-09T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            #     _             ____  __            __    ___
#    (_)____ _   __/ __ \/ /_____  ____/ /  _/_/ |
#   / // __ \ | / / / / / //_/ _ \/ __  /  / / / /
#  / // / / / |/ / /_/ / ,< /  __/ /_/ /  / / / /
# /_//_/ /_/|___/\____/_/|_|\___/\__,_/  / /_/_/
#                   Live by the byte     |_/_/
#
# Members:
#
# Pr0T3cT10n
# -=M.o.B.=-
# TheLeader
# Sro
# Debug
#
# Contact: [email protected]
#
# -----------------------------------
# Aastra IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password..
# The vulnerabilitu allows an unprivileged attacker to read the sip details including password.
# The vulnerablities are in:
# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/globalSIPsettings.html
# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/SIPsettingsLine1.html
#-----------------------------------
# Vulnerability Title: Aastra IP Phone Web Interface Data Diclosure Vulnerability
# Date: 08/06/2011
# Author: Pr0T3cT10n
# Website Link: http://www.aastra.com
# Tested on Version: 9480i
# ISRAEL
###
###### NOTE: The aastra ip phone software is also vulnerability for unauthorized person to access the web interface.
###### It happen because there is no password thats protects the interface.
## DATA DISCLOSURE:
# The data disclosure vulnerability found in the section of 'Global SIP' / 'Line 1' of 'Aastra IP Phone' software.
# The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected.
# To exploit the vulnerability and dicluse the data we need to access to the 'Aastra IP Phone' by this url 'http://address/globalSIPsettings.html'.
# Or to the following address 'http://address/SIPsettingsLine1.html', we have Caller ID, Authentication Name,  and Password..
# Then we can see in the source code by the field 'password' and then we see the magic! thats is the password for the username by the sip server.
# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls.
##
# Yours, Pr0T3cT10n..



#  0day.today [2018-04-14]  #