
Network World


Avaya, Cisco address VoIP vulnerabilities

Vendors respond to VoIPshield report on flaws that could be exploited
By Tim Greene, Network World, 06/26/2008

Avaya and Cisco have addressed a report that their VoIP gear is vulnerable to a variety of attacks. VoIPshield Laboratories found the vulnerabilities, which also impact certain Nortel gear.

In its testing, VoIPshield found that Avaya's Communication Manager 3.1x contained 29 separate vulnerabilities that, if exploited, could result in remote code execution, unauthorized access, denial-of-service (DoS) and information harvesting.

Cisco's Unified Communications Manager versions 5.x and 6.x, as well as Call Manager 4.x, were affected by a total of 12 vulnerabilities that could lead to unauthorized access and DoS attacks.

Nortel's Communications Server 1000 4.50.x, Multimedia Communications Server 5100 3.x, and SIP Multimedia PC client 4.x were cited for a total of four vulnerabilities that could lead to unauthorized access and DoS exploits.

Avaya says it knows about the problems and is issuing advisories to customers and providing service-pack updates that address some of them. "Ongoing updates and service packs addressing this will continue to be made accessible on our support site," an Avaya spokesman says.

Cisco is releasing software updates that address the vulnerabilities at no extra charge for customers with service contracts. Nortel did not respond to questions about its response to the VoIPshield warnings.

Rick Dalmazzi, president and CEO of VoIPshield, says Avaya, Cisco and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America. The company has included Microsoft in its next round of testing, the results of which will come out in about four months.

VoIPshield Systems makes VoIP vulnerability-testing software, as well as an intrusion-prevention system designed for VoIP.


Comments (1)

Cisco updates available
By Cisco Subnet on June 26, 2008, 1:47 pm
See Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Go to Cisco Subnet for more Cisco news,...
