Note: Throughout the video proof of concept (POC) creation phase, there was no disclosure or exposure of any employee, organizational, or user data, ensuring strict adherence to data privacy protocols and maintaining the confidentiality of sensitive information.
During a private assessment, a security vulnerability was discovered. This vulnerability allows to bypass phone lock of the device.
Affected Product : Yealink VP59 Microsoft Teams Phone
Affected Firmware Version: 91.15.0.118
Fixed Firmware Version: 122.15.0.142
Steps to Reproduce:
- Activate the device to initiate its functions and operations seamlessly, ensuring a smooth start-up process.
- Access the device by logging in with your Microsoft Teams account credentials, providing authorized entry for personalized usage.
3. Configure device security settings by implementing a 30-second phone lock, optimizing convenience for testing purposes