Test Finds Vulnerabilities in Avaya, Cisco and Nortel Products

According to the reports, security flaws have been found in Avaya SIP
Enablement Services, along with Cisco products, that attackers could
exploit to expose sensitive information as well as to compromise an
affected system.

Also, the Web administration interface has been found to contain certain
pages that fail to perform authentication checks. This could be abused to
reveal sensitive information.

Furthermore, unspecified input validation errors in the administration
interface could also be abused to run arbitrary software on the vulnerable
system. This could potentially reveal system information as well as
sensitive information. For exploitation to succeed, however, suitable user
credentials for the administration interface are required. The
vulnerability has been rated as not so critical.

During a test by VoIPshield, it was found that Avaya's Communication
Manager 3.1x had 29 different security flaws which, if exploited, could
allow remote code execution, unauthorized access, information harvesting,
and the creation of denial-of-service conditions. Meanwhile, Cisco's Call
Manager 4.x, along with Unified Communications Manager versions 5.x and
6.x, was affected by 12 security flaws capable of causing harm.

Also, Nortel's Communications Server 1000 4.50.x, SIP Multimedia PC client
4.x and Multimedia Communications Server 5100 3.x were found to have four
flaws that could allow unauthorized access or DoS exploits.

According to Avaya, it is aware of the issues, is informing customers, and
is providing update packages that tackle a few of these problems. An Avaya
spokesman said that the ongoing service packs and updates would be
available on the company's support site.

According to VoIPshield's President and CEO, Rick Dalmazzi, Avaya, Nortel
and Cisco were selected for the product vulnerability test because they
sold IP PBXs in volume in North America, as reported by Network World on
June 26, 2008. Dalmazzi said that his company had included Microsoft in
its subsequent round of examination and that the results would be
announced within four months. He also said that Cisco was issuing free
software updates to deal with the vulnerabilities for customers with
service contracts.


» SPAMfighter News - 17-07-2008
