Skip Links

Network World

Brad Reese

Outrageously shocking: More than 100 Cisco, Avaya and Nortel VoIP security holes discovered

By Brad Reese on Wed, 04/02/08 - 7:54pm.
Newsletter Signup

VoIPshield - Think Your VoIP is Secure? Think Again

It is shocking and outrageous that there are more than 100 security holes in VoIP products from Cisco, Avaya and Nortel.

The flaws were discovered by VoIP security solutions vendor VoIPshield, which revealed the vulnerabilities to the public today.

Since VoIPshield Labs is continuously finding new vulnerabilities, they plan on monthly disclosures to VoIP equipment vendors followed by public disclosure.

An interesting example of an identified Cisco VoIP vulnerability revealed today, is shown below:

Example of a Cisco VoIP Vulnerability

In the above example, a potential attacker exploiting the Cisco Unified Communication Manager (UCM) vulnerability related to its Disaster Recovery Network, could obtain full access to the UCM by getting the remote shell on the attacker's machine.

Subsequently the attacker could either disable UCM completely, download all the information from UCM to the attacker's machine or upload an executable file to the UCM.

Then the attacker could force all the Cisco softphones connected to this UCM to reboot and download that executable file.

It could be a bot, Trojan or worm.

Once the executable is downloaded and executed an attacker is able to have full access to the user’s laptop running the softphone.

This scenario could be repeated when, for example, the user of the laptop connects to another UCM.

VoIPshield has been working with major VoIP vendors since last December.

Following the terms of their Responsible Disclosure Policy, VoIPshield provided all of the VoIP vendors with detailed vulnerability descriptions and enough time to reproduce and respond to them.

Different vendors responded in different ways – some of them accused VoIPshield of grandstanding, self-promotion and skirting the boundaries of ethical disclosure.

But others, specifically Cisco Systems, responded in a professional manner and acknowledged the issues and is working with VoIPshield to resolve them.

Bogdan Materna"Personally I was surprised that Cisco Systems, known for not being very forthcoming when their products are singled out because of security issues, was very professional and willing to work with us to solve these issues," said Bogdan Materna - Founder & CTO of VoIPshield.

"It was nice to see."

There are over 1.2 billion landline and over 2 billion wireless phones (there are less than 1 billion PCs).

They are all converging on common VoIP network infrastructure and becoming part of the Internet.

But as we have seen in the early days of the Internet, security problems are being downplayed or outright ignored.

Vendors are rushing to market with new applications and devices without proper security.

Users are, in most cases, not aware that their new voice infrastructure brings serious security problems and exposures.

There are simple ways of quickly assessing the security of VoIP networks, for example, by using VoIP Vulnerability Assessment tools such as VoIPauditLite, which VoIPshield makes available as a free download.

And if you want to protect your VoIP infrastructure from these attacks, you may wish to think about deploying a VoIP Intrusion Prevention System (VIPS) such as VoIPguard.

View VoIP Security Resources:

Identified VoIP Vulnerability Database
VoIP Security Industry Resources
VoIP Security White Papers
Learn About VoIP Security

View dramatization of hacking into a financial institution's VoIP telephony system and see just how vulnerable enterprise VoIP systems really are:

If YOU were a sales executive with a Cisco reseller, would YOU get FIRED for bringing up VoIP security with a potential VoIP enterprise customer?

Contact Brad Reese
http://www.BradReese.Com

Brad's Top 5 Story Picks
# 1. Cisco Mobility VP admits that he does not really know what the term Fixed Mobile Convergence means
# 2. Cisco: Video traffic to balloon 20 times in 3 years
# 3. Tackling the inadequate Nortel R&D model
# 4. Cisco has 50 executives scouring the globe for technology acquisitions
# 5. Q & A with the ex-Cisco stars who launched the hot enterprise mobility start-up, Agito Networks
Story Archives Brad Reese on Cisco Story Archives

Cisco Power Supplies

Cisco Authorized Factory Refurbished List Pricing

Cisco Repair and Hardware Troubleshooting
  

Nice!

0
By Epicurean Hacker (not verified) on Wed, 04/02/2008 - 10:43pm.

Hey Bogdan, could you make me a nice hot cup of soup?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
Advertisement:
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished which offers one year warranties on Cisco Refurbished and Cisco Repair.

Contact Brad Reese

Archives
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
1811 expands to 384Mbps of DRAM and 128Mbps of Flash
A UBS analyst is reporting that Cisco's losing market share across the board
A company's monthly network communications cost will be reduced
A government official in possession of a large corporate stockholding while that corporation is subject to administrative rulings by that same government official
Agito adds that its enterprise fixed mobile convergence (eFMC) platform enables low-cost in-building voice coverage
Agito introduced Agito for BlackBerry
Agito's BlackBerry smart phone functionality for Cisco VoIP
Agito's RIM BlackBerry support announcement
An assortment of communications companies
Apple iPhone 3G S
Apple will begin selling its new iPhone 3G S
Applying a Mask of 11111111.11111111.11111111.0000
Back in April the CCIE Security track changed
Before Cisco CTO Padmasree Warrior was hired by Cisco
Below are two addresses broken out from dotted decimal to binary and then redisplayed with dots separating octet boundaries
Bill Alderson - NetQoS Technology Consulting Officer
Black Hat attack on Cisco's network admission control (NAC)
Boas also led an educational session at the Gartner Security Summit
Boas shares his insight on the most prevalent threats to the enterprise network
Brings enterprise VoIP over WiFi for dual-mode BlackBerry smartphones
Careers
Certified by Cisco-Linksys technicians via Linksys ISO certification procedures
Chairman and CEO of Cisco China - Jim Sherriff
Cisco
Cisco 1811 IOS 12.4 with SDM is the standard for Cisco CCNA – Security Labs
Cisco 1811 is now standard on the Cisco CCIE Security Lab with IOS 12.4T
Cisco Flip Video Camera
Cisco NAC design flaws that the folks at Black Hat so alarmingly described
Cisco has produced a new CCIE count
Cisco has successfully made the market transition to selling refurbished Linksys directly to end users
Cisco is also offering its new home media ensemble
Cisco is celebrating its 25th anniversary this year
Cisco merged the Linksys channel partner program into Cisco's registered partner tier
Cisco only counts your CCIE number once
Cisco registered the shoplinksys.com domain name to sell refurbished Linksys
Cisco released its new worldwide CCIE count
Cisco sales plummeted $1.6 billion (Page 4) and operating income nose-dived $1 billion
Cisco shouldn’t until it works out the kinks
Cisco's executive biographies web page
Compromised the Cisco agent installed on the end system
Confirmation testimony before the U.S. Senate noteworthy
Customer-proven best practices of network access control (NAC)
DSL/Cable with the Cisco 1811 makes sense
Data Center
Desai previously served as Chief Operating Officer of Radware (NASDAQ: RDWR)
Didn’t RIM already support voice over WiFi?
Doesn’t RIM’s Ascendent acquisition give them this?
Dotted decimal addresses that end up falling under a non-octet boundary subnet mask
Dual CCIE #18532 Routing and Switching/Security - George Morton
Dual Cisco CCIE #18532 Security/R&S - George Morton
Dual-mode BlackBerry smartphones
During the first 9 months of Cisco's 2009 fiscal year under Warrior's leadership as CTO
Each eight bits being converted to decimal
Enables BlackBerry to be integrated into corporate PBXs and Unified Communications systems
Enterasys NAC is agent-less assessment based on a network scan
Enterasys security expert Dennis Boas
Enterasys uses multiple criteria beyond end system health assessment to assign and limit access granted to an end system
Enterprise concerns about the financial and management aspects of NAC
Enterprises that have standardized on the BlackBerry platform
FCC requires the old Bell System to report its T1 outage and that the repair needs to be under 4 hours for 95% of all T1 outages
Famous networking industry journalist
Feature allowing entry of a real address mask of your own to test if it is on the same or remote network
Flexible options with Enterasys NAC
HP and Liquid Computing
Half the smartphones in use in the US today are BlackBerry devices
How Cisco was working overtime AGAINST the Buy America provisions of the $7.2B broadband stimulus fund
How LiquidIQ Works
How useful do you find this subnet calculator?
I developed the Subnet Calculator to make learning more demonstrative and fun
I have worked for a handful of telecommunications companies of varying sizes
I voted for President Obama seeking change
In the subnet calculator the binary and the n
Interesting CCIE news from around the world
Internet access at the branch would run faster than traditional T1 services
Is Cisco getting ready to sell its refurbished gear directly to end users too?
Is George Morton on to something here?
It will kill the Cisco Flip video camera
Its been proven that a government official can be bribed with free dinners
Joel Bion - Senior Vice President of Cisco's Product Resiliency Research
LANs / WANs
Larry Strickling is confirmed as the new Administrator of the National Telecommunications and Information Administration (NTIA)
Last month Cisco missed the multiple CCIE numbers
Leaving Warrior with absolutely no future as the CTO of Motorola
Linksys by Cisco Certified Refurbished Product
Linksys by Cisco Wireless Home Audio System
Liquid Computing's definition of unified computing (LiquidIQ) is a flexible
LiquidIQ Business Continuity - Disaster Recovery Made Simple
LiquidIQ Technical Specifications
LiquidIQ Total Software Control - LiquidView Management
LiquidIQ can consolidate functions including web
LiquidIQ is the only UCS system that's listed by VMware to support VSphere
LiquidIQ is the only standards-based unified computing solution that’s in production today with paying customers
LiquidIQ was designed with built-in security
Made by Strickling during his March 19
Manny Rivelo - Senior Vice President of Cisco's Development Organization
Market failures for business class DSL/Cable is unacceptable
May 2009 vs. June 2009 Worldwide CCIE Count Comparison
Mobile features integrated into the BlackBerry
Morton believes with DSL/Cable services having up to 18Mbps of download availability
Morton's design would route all requests over the DMVPN-mGRE
Motorola operating earnings dropped $3.8 billion to a loss of $534 million
Motorola sales had collapsed by more than $4 billion (Page 1)
Multiple pipes with QoS for voice dedicated to one uplink and data services on the second link
My previous government service at the FCC provide me a unique background for the position of Assistant Secretary
NetQoS Subnet Calculator offers a view of every bit in the IP address to help network engineers understand how IP subnetting works
Network Management
Network World's Data Center Derby story acknowledged Liquid's first-mover advantage with its unified data center concept
Network performance management vendor NetQos
Network security vendor Enterasys
Nortel had purchased Alteon for $7.8 billion
Not too many senior executives are around from Cisco's early days
Omitted the years of Cisco service for both John Morgridge and Richard Justice because they are no longer full-time Cisco executives
Only 66% of all applicants who passed were for the CCIE Router and Switch track
Only one CCIE is a member of Cisco's 59 strong senior executive team
Pacific Rim CCIE numbers didn't change over the last 39 days
Pejman Roshan - Chief Marketing Officer of enterprise fixed mobile convergence (eFMC) vendor Agito Networks
Ponemon Institute reported
R & S + Security this year as the most popular dual CCIE track
R & S + Service Provider was 49% of the successful attempts for dual CCIE
RIM offers only data services over WiFi on their dual-mode smartphones
Radware recently purchased Nortel's application delivery business (Alteon) for the cut-rate price of $18 million
Refurbished product are mostly customer returns that meet original factory specifications
Refurbished product sold in the United States
Responsible for Cisco's IOS Software
SMB
Screenshot of the NetQoS Subnet Calculator
Security
Security mechanisms are used to validate the integrity and authenticity of the Enterasys agent for all server/agent communications
She was the CTO of Motorola and dismissed in her blog the introduction of the Apple iPhone
Showed that Stickling owned a large Cisco stock position
So we had 251 new CCIEs
Start by entering your address and mask in the calculator
Subject of Cisco's senior executive team came up
The Federal Reserve has moved from complex Cisco routers with T1 service to Cisco low end routers (ISR 1811) with DSL
The IOS 12.4 track with ISR routers is slowing down the Security CCIE track
The National Telecommunications and Information Administration (NTIA) granted Cisco its coveted Buy American Exception
The average tenure would be of the 61 executives listed on Cisco's Mount Rushmore
The change in the CCIE Security track has had a major impact on new security CCIEs
Until one takes some real addresses and experiments with how the mask affects the address bits
View Cisco's flash promotion for its home media ensemble
View more Cisco Tools
Vik Desai - President and Chief Executive Officer of unified computing infrastructure vendor - Liquid Computing
VoIP / Convergence
Warrior is now repeating her Motorola failure at Cisco
We're also now starting to see the CCIE Wireless track
We've experienced a new low for CCIE Security track
What exactly has Agito Networks announced this week?
What's your take on the implications of the new worldwide Cisco CCIE count?
Why is cellular-only PBX and UC integration incomplete?
Why the Enterasys NAC solution is doing so well
Why the Enterasys NAC solution is in such high demand
Wireless / Mobile
Within 9 months of the Apple iPhone introduction
On The Web
Twitter