Over 100 vulnerabilities in VoIP systems uncovered
VoIPshield Laboratories has discovered over 100 security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel.
A vulnerability is a design or implementation flaw in a VoIP system that can be exploited by a hacker with malicious intentions, including extortion through service outage threats, industrial espionage through call recording, or identity theft through the stealing of sensitive customer information. VoIPshield notified the vendors of its findings earlier this year.
Each vulnerability is categorized based on an exploit’s most likely malicious intent: unauthorized access, code execution, denial of service or information harvesting. Each is also given a severity rating based on a modified industry standard index. Vendor responses are also included, indicating what action if any the vendor has indicated they will take to remediate the vulnerability, and when.
The vulnerabilities discovered are used by VoIPshield to create signatures for its enterprise VoIP security solutions: VoIPaudit, a VoIP Vulnerability Assessment system, and VoIPguard, a VoIP Intrusion Prevention System (VIPS). Users are protected against attacks attempting to exploit the known vulnerabilities. VoIPshield products are regularly updated with new signatures through the VoIPshield Update subscription service.
For the complete list with details go here.