- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Avaya and Cisco have addressed a report that their VoIP gear is vulnerable to a variety of attacks. VoIPshield Laboratories found the vulnerabilities, which also impact certain Nortel gear.
In its testing VoIPshield found that Avaya's Communication Manager 3.1x contained 29 separate vulnerabilities, that if exploited, could result in remote code-execution, unauthorized access, denial-of-service (DoS) and information harvesting. (Compare IP PBX products)
Cisco's Unified Communications Manager versions 5.x and 6.x, as well as Call Manager 4.x, were affected by a total of 12 vulnerabilities that could lead to unauthorized access and DoS attacks.
Nortel's Communications Server 1000 4.50.x, Multimedia Communications Server 5100 3.x, and SIP Multimedia PC client 4.x were cited for a total of four vulnerabilities that could lead to unauthorized access and DoS exploits.
Avaya says it knows about the problems and is issuing advisories to customers and providing service-pack updates that address some of them. "Ongoing updates and service packs addressing this will continue to be made accessible on our support site," an Avaya spokesman says.
Cisco is releasing software updates that address the vulnerabilities at no extra charge for customers with service contracts Nortel did not respond to questions about their response to the VoIPshield warnings.
Rick Dalmazzi, president and CEO of VoIPshield, says Avaya, Cisco and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America. The company has included Microsoft in its next round of testing, the results of which will come out in about four months.
VoIPshield Systems makes VoIP vulnerability-testing software, as well as an intrusion-prevention system designed for VoIP.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comments (1)
Cisco updates availableBy Cisco Subnet on June 26, 2008, 1:47 pmSee Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Go to Cisco Subnet for more Cisco news,...
Reply | Read entire comment
View all comments