Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass Vulnerability

Bugtraq ID:	51541
Class:	Design Error
CVE:	CVE-2011-4659
Remote:	Yes
Local:	No
Published:	Jan 18 2012 12:00AM
Updated:	Jan 18 2012 12:00AM
Credit:	Cisco
Vulnerable:	Cisco Cisco IP Video Phone E20 TE 4.1.0
Not Vulnerable:	Cisco Cisco IP Video Phone E20 TE 4.1.1

Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass Vulnerability

Cisco IP Video Phone E20 is prone to a remote authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized root access to the affected device. Successful exploits will result in the complete compromise of the device.

This issue is being tracked by Cisco bug ID CSCtw69889.

Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass Vulnerability

Attackers can use readily available tools to exploit this issue.

Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass Vulnerability

Solution:
Vendor updates are available. Please see the referenced advisory for details.

Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass Vulnerability

References:

• Cisco Homepage (Cisco)
  
• Cisco IP Video Phone E20 Default Root Account (Cisco)