More Cisco, Avaya, Nortel Vulnerabilities Named
VOIPShield has released a new raft of vulnerabilities that it found in IP telephony systems from Cisco, Avaya and Nortel (announcement here; vulnerability details here). Unlike its previous such announcement, VOIPShield has this time coordinated the release with the affected vendors, avoiding the criticism it faced the last time, when VOIPShield went public with the vulnerabilities before the affected vendors could address all of them.This week's announcement found a total of 45 vulnerabilities--29 with Avaya; 12 with Cisco and 4 with Nortel. VOIPShield gave its most severe rating, "Critical," to
An exploit that could expose system configuration information in Avaya's SIP Enablement Service. (VOIPShield reports that Avaya is "attempting to address the issue".)
A potential denial of service attack against Cisco's Unified Communications Manager 6.x and against UCM 5.x. (VOIPShield reports that Cisco has made a patch available).
A potential denial of service attack against Nortel's CS1000 4.50.x. (VOIPShield reports that Nortel is "attempting to address the issue," noting in its report, "Completely addressing the issue requires a patch from Nortel, which Nortel has indicated is being worked on, but the availability and timing of this patch have not yet been identified.") Nortel's Security Bulletin on the vulnerability states, "To our knowledge, this attack has not been launched against any of our customers."
A potential denial of service attack against the Wireless Client Manager (WiCM) SIP proxy in Nortel's MCS5100 3.x. (VOIPShield says Nortel has a "workaround proposed".) The Nortel Security Bulletin on this reported vulnerability states, "Recommended solution is to use a corporate NAT/FW in order to prevent such malicious actions from outside. WiCM is normally configured inside the corp network/firewall." On the other hand, VOIPShield contends that, "To completely address the issue requires a patch from Nortel. In the short term it is recommended that a VoIP-aware IPS [intrusion prevention system] product, such as [VOIPShield's] VoIPguard, with signatures to detect attempts to exploit this issue, be implemented to prevent it from being exploited. In addition, implementation of general best practice guidance such as controlling access to telephony networks via VLANs, access control lists, firewalls, network admission controls and/or other security devices will aid in limiting the exposure of this vulnerability."
1
|
logon-to-comment
|
Quick View | Full View | 0 Comments |
This is a public forum. UBM TechWeb and its affiliates are not responsible for and do not control what is posted herein. UBM TechWeb makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of UBM TechWeb and may be edited and republished in print or electronic format as outlined in UBM TechWeb's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
THE HOT ZONE
Burning issues in Enterprise Communications
·
UC/CONVERGENCE
Sponsored by
Focus: SIP Trunking
Featured Article: Under the Hood of Microsoft Communications Server 14
· CONTACT CENTERS Sponsored by
Webinar Replay: Contact Centers & Migration to IP
Recent blog: When Preparation Meets Opportunity in the World of Customer Care
Affiliate Partner
Focus: SIP Trunking
Featured Article: Under the Hood of Microsoft Communications Server 14
· CONTACT CENTERS Sponsored by
Webinar Replay: Contact Centers & Migration to IP
Recent blog: When Preparation Meets Opportunity in the World of Customer Care
VIDEOS
NO JITTER BOOKSHELF
Collect and store your favorite content from
No Jitter for quick reference. It's easy and free! CLICK HERE to register and get started!
No Jitter for quick reference. It's easy and free! CLICK HERE to register and get started!
