Slashdot Mirror


Cisco SPA300/500 IP Phones Vulnerable To Remote Eavesdropping

Bismillah writes: Cisco has confirmed that its SPA300 and SPA500 are vulnerable to remote eavesdropping and dialing, and is working on a patch. Meanwhile, the advice is not to have the phones on internet-facing connections. From the article: "Cisco has confirmed the issue reported by Watts, which is a result of wrong authentication settings in the default configuration of firmware version 7.5.5. An attacker can send a specially crafted Extended Markup Language (XML) request to devices which will allow them to both make phone calls remotely, and listen in on audio streams. Successful exploits could be used to conduct further attacks, Cisco warned. Despite the confirmed vulnerability, Cisco said the flaw was unlikely to be used and gave it a low 'harassment' severity rating."

1 of 45 comments

  1. Re:So lemme get this right: by Marginal Coward · Score: 3, Interesting

    My phone system at home is provided by my cable company, which uses VoIP (I assume) to provide phone service over the same cable that my Internet traffic flows through. In this common scenario, are the network and phone somehow logically isolated from each other even though they use the same physical medium?