Cisco Systems issued a warning on Wednesday that some of its IP phones could be compromised, allowing unauthorised individuals to bypass security restrictions. In the warning, Cisco detailed flaws for two sets of products. One warning identified two versions of the Cisco Unified IP Conference Station, a speaker phone specially designed for conference rooms. The products are the 7935 version 3.2(15) and 7936 version 3.3(12).

Cisco said because of a design error in the HTTP interface, which allows the device to be managed remotely, an administrator's credentials are saved or cached when the device is accessed remotely. So if an unauthorised person tried to access the device at a later time, it would permit access without further authentication.

The link for this article located at CNET News.com is no longer available.