id: Cisco-ip-phone-config-page-check
info:
  name: Cisco Systems IP Phone Configuration Page Check
  author: SecWithMoh
  description: This template designed to identify Cisco IP Phones with potentially exposed configuration pages. By leveraging a simple HTTP GET request, this template targets the Serviceability adapter's device statistics and configuration page. If the targeted page contains specific keywords, such as "Network Configuration" or "Services URL," the presence of these words indicates a successful match. This template operates with a medium severity level, suggesting that while the exposed information might not immediately lead to system compromise, it could provide valuable insights into the network setup or phone services, potentially aiding further attacks or reconnaissance activities.
  severity: medium

http:
  - method: GET
    path:
      - "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.configuration"
      - "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.device"
      - "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.settings.status.messages"
      - "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.ethernet"
    matchers:
      - type: word
        words:
          - "Network Configuration"
          - "Services URL"