snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability

Bugtraq ID:	52128
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Nathaniel Carew
Vulnerable:	snom technology VoIP phone firmware 8.4.34 snom technology VoIP phone firmware 8.2.35 snom technology VoIP phone firmware 8.2.34 snom technology VoIP phone firmware 8.2.33 snom technology VoIP phone firmware 8.2.32 snom technology VoIP phone firmware 8.2.31 snom technology VoIP phone firmware 8.2.30
Not Vulnerable:	snom technology VoIP phone firmware 8.4.35

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability

snom VoIP Phone Firmware is prone to a remote privilege escalation vulnerability.

An authenticated attacker can exploit this issue to access administrative resources and gain elevated privileges. This may lead to a full compromise of the affected device or aid in further attacks.

snom VoIP phone firmware versions prior to 8.4.35 are vulnerable.

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability

Attackers can exploit this issue using a browser or readily available tools.

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for details.

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability

References:

• snom technology Homepage (snom technology AG)
  
• Sense of Security - Security Advisory - SOS-12-001 (Nathaniel Carew)