Security vulnerabilities in IP telephony systems from Cisco and Ubiquiti necessitate urgent updates for users,potentially exposing networks to remote attacks.Ubiquiti specifically addressed a critical flaw in its UniFi Talk devices-Talk Touch, Talk Touch Max, and Talk G3-where factory debugging functions were left unintentionally active.
The exposed debugging functionality on UniFi Talk devices allows a remote attacker with access to the UniFi Talk management Network to access the devices’ programming interface.While the full extent of potential manipulation remains unclear, Ubiquiti advises immediate updates to at least version Talk Touch 1.21.17, Talk Touch Max 2.21.23, and Talk G3 3.21.27 to mitigate the risk. Details are available in Ubiquiti’s Security Advisory Bulletin. Cisco has also released security updates, though details were not immediately available in the source material.
