The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Aastra 6753i IP Telephone: obtaining the configuration

Synthesis of the vulnerability 

An attacker who owns an Aastra 6753i IP Telephone can obtain fragments of the configuration of other phones.
Impacted systems: Aastra Phone.
Severity of this alert: 1/4.
Creation date: 04/01/2013.
References of this alert: BID-57151, VIGILANCE-VUL-12281.

Description of the vulnerability 

When an Aastra 6753i phone starts, it downloads its configuration from a TFTP server. This configuration is stored in a ".tuz" file, which is encrypted with TripleDES in ECB mode. The phone downloads this file and decrypts it with the key it holds.

However, ECB mode neither chains operations nor uses a counter: each 8-byte block is encrypted independently of the others. Moreover, the encryption key is shared by all phones.

An attacker can connect to the TFTP server in order to download the configuration of another phone. He can then replace 8 bytes of his own encrypted configuration with 8 bytes taken from the other configuration, and make his phone download this newly created ".tuz" file. The phone then decrypts the configuration, including the 8 bytes coming from the other phone's configuration.

An attacker who owns an Aastra 6753i IP Telephone can therefore obtain fragments of the configuration of other phones.
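The following Go program is an added illustration of the ECB property described above; it is not code from Aastra or from the Vigil@nce bulletin. It assumes a constructed 24-byte TripleDES key standing in for the shared phone key, two constructed 32-byte configurations (the real ".tuz" layout is not described in the bulletin, so the files are treated as plain 8-byte-aligned ciphertext), and a hypothetical HMAC key for the mitigation. It shows that moving two 8-byte ciphertext blocks from one file into another decrypts cleanly under the shared key, and that an HMAC over the whole encrypted file, the integrity check ECB lacks, rejects the modified file before decryption.

```go
package main

import (
	"crypto/des"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const blockSize = 8 // TripleDES block size, the 8-byte unit named in the advisory

// Constructed keys for this demonstration; they are not real Aastra material.
var (
	sharedKey = []byte("constructed-3des-key-24b") // 24 bytes, shared by every phone in the scenario
	macKey    = []byte("constructed-hmac-key")     // hypothetical integrity key for the mitigation
)

// Constructed 32-byte configurations, four 8-byte blocks each. Blocks 2 and 3 hold the password.
var (
	configA = []byte("user=ali" + "ce      " + "pass=AAA" + "AAAAAAA ")
	configB = []byte("user=bob" + "        " + "pass=BBB" + "BBBBBBB ")
)

// ecbProcess runs Encrypt or Decrypt over every 8-byte block on its own:
// no chaining and no counter, so blocks can be moved between files.
func ecbProcess(key, in []byte, decrypt bool) ([]byte, error) {
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in)%blockSize != 0 {
		return nil, fmt.Errorf("input length %d is not a multiple of %d", len(in), blockSize)
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += blockSize {
		if decrypt {
			c.Decrypt(out[i:i+blockSize], in[i:i+blockSize])
		} else {
			c.Encrypt(out[i:i+blockSize], in[i:i+blockSize])
		}
	}
	return out, nil
}

// SpliceBlocks returns a copy of dst in which the blocks listed in idx are
// replaced by the blocks of the same index taken from src.
func SpliceBlocks(dst, src []byte, idx ...int) ([]byte, error) {
	out := append([]byte(nil), dst...)
	for _, i := range idx {
		lo, hi := i*blockSize, (i+1)*blockSize
		if i < 0 || hi > len(dst) || hi > len(src) {
			return nil, errors.New("block index out of range")
		}
		copy(out[lo:hi], src[lo:hi])
	}
	return out, nil
}

// Tag and Verify supply the integrity check ECB does not provide: an HMAC over
// the whole encrypted file, so a substituted block is rejected before decryption.
func Tag(key, ciphertext []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(ciphertext)
	return m.Sum(nil)
}

func Verify(key, ciphertext, tag []byte) bool {
	return hmac.Equal(Tag(key, ciphertext), tag)
}

// SpliceDemo encrypts both configurations under the shared key, moves the two
// password blocks of B's file into A's file, and reports what A's phone would
// decrypt and whether the HMAC check would have accepted the modified file.
func SpliceDemo() (decrypted string, macAccepted bool, err error) {
	ctA, err := ecbProcess(sharedKey, configA, false)
	if err != nil {
		return "", false, err
	}
	ctB, err := ecbProcess(sharedKey, configB, false)
	if err != nil {
		return "", false, err
	}
	tagA := Tag(macKey, ctA) // tag the server would publish alongside A's file
	spliced, err := SpliceBlocks(ctA, ctB, 2, 3)
	if err != nil {
		return "", false, err
	}
	pt, err := ecbProcess(sharedKey, spliced, true)
	if err != nil {
		return "", false, err
	}
	return string(pt), Verify(macKey, spliced, tagA), nil
}

func main() {
	pt, ok, err := SpliceDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted spliced file: %q\n", pt)
	fmt.Printf("HMAC accepts spliced file: %v\n", ok)
}
```

The decrypted output mixes A's user name with B's password blocks, because each block decrypts on its own under the common key. The HMAC line is false: authenticating the encrypted file as a whole (or using an authenticated mode in place of ECB) turns the silent substitution into a rejected download, and per-phone keys would additionally stop one phone's key from decrypting another's blocks.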

This computer threat announcement impacts software or systems such as Aastra Phone.

Our Vigil@nce team determined that the severity of this computer vulnerability is low.

The trust level is: confirmed by the editor. The origin is: intranet client.

An attacker with an expert ability can exploit this cybersecurity alert.

Solutions for this threat 

Aastra anacrypt: version 1.04.
Version 1.04 is fixed:
  http://www.aastra.com/

Computer vulnerabilities tracking service 

Vigil@nce provides patches for system vulnerabilities. The technology watch team tracks security threats targeting the computer system.