Cisco has warned that a number of its internet phones are vulnerable to security attacks by unauthorised users.

The warnings involve the Cisco Unified IP Conference Station, a conference phone, with the model numbers 7935 version 3.2(15) and 7936 version 3.3(12).

Design errors in the phones' HTTP interface leave them open to remote attack, as the phones retain an administrator's details once they access them remotely. However, Cisco pointed out that if the phones are not used via HTTP, they are not vulnerable.

Cisco will be making updates to the phones' software available soon, but there are no details yet on when this will be.