VoIPshield made its second announcement of security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel. This brings the total number of vulnerability groups reported to VoIP vendors in 2008 to over fifty, representing over 175 unique vulnerabilities.
Vulnerabilities are categorized into four exploit types based on their most likely malicious intent: remote code execution, unauthorized access, denial of service, and information harvesting.
The VoIP vulnerabilities discovered by VoIPshield Labs, if successfully exploited, could result in losses to the corporation in the form of mitigation expenses, brand reputation, internal productivity, competitive advantage and compliance penalties.
Rick Dalmazzi, president and CEO of VoIPshield said:
Most security breaches result from a combination of attack methods. There is a trend in recent years of hacker attacks moving ‘up the stack’ to the application layer. One recent study found that over twenty percent of breaches included exploiting a known vulnerability in the targeted application. What’s important is that the good guys find these vulnerabilities and protect against them faster than the bad guys find them and exploit them.