20 Jun 2022

Cisco IP Phone Duplicate Key Vulnerability

Overview

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.

A full description of the vulnerability is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4

What do you need to do?

As a workaround for this vulnerability, install a Locally Significant Certificate (LSC). Follow the steps below:

1.   Verify whether you are using any of the impacted products below and whether the CUCM certificate on them is up to date:

  • ATA 187 Analog Telephone Adapter
  • Unified IP Phone 6901
  • Unified IP Phone 6911
  • Unified IP Phone 6921
  • Unified IP Phone 6941
  • Unified IP Phone 6945
  • Unified IP Phone 6961
  • Unified IP Phone 8941
  • Unified IP Phone 8945
  • Unified IP Phone 8961
  • Unified IP Phone 9951
  • Unified IP Phone 9971

2.   Open the phone configuration page.

3.   Navigate to Settings > Security Configuration > LSC. Install the LSC by following the Cisco article "Configure LSC on Cisco IP Phone with CUCM".