Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Avaya, Cisco and Nortel face VoIP vulnerabilities

VoIP security problem details and remedies are expected tomorrow
By Tim Greene , Network World , 06/24/2008

VoIP customers of Avaya, Cisco and Nortel should look Wednesday for patches that correct newly found vulnerabilities that, if exploited, can result in remote code execution; unauthorized access; denial of service; and information harvesting.

The vulnerabilities were found by VoIPshield Laboratories and reported earlier to the three vendors in order to give them time to develop patches for the flaws, says Rick Dalmazzi, president and CEO of VoIPshield. Details of the vulnerabilities and the vendor responses are scheduled to be released Wednesday at noon Eastern time. Dalmazzi would not reveal more details because his company and the affected VoIP vendors agreed to a simultaneous announcement.

Don't Miss!Read the latest WhitePaper - Troubleshooting Remote Site Networks - Best Practices

He says he believes two of the three vendors will have patches available Wednesday and the third will issue an advisory.

The vulnerabilities found affect voice servers -- VoIP PBXes -- and softphone software that runs on laptops and desktops, Dalmazzi says. (Compare IP PBX products.)

Related Content

VoIPshield ranks most of the vulnerabilities found as either critical or high, the two most severe rankings on its four-step scale.

Avaya, Cisco and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America, Dalmazzi says. The company has included Microsoft in its next round of testing, the results of which will come out in about four months.

VoIPshield Systems makes VoIP vulnerability testing software as well as an intrusion-prevention system designed for VoIP.

Partner Content
Foundry Networks

The Foundry Enterprise Advantage

Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.

For further information on Foundry Networks please click here.

Leveraging the Advantages
of a Multi-vendor Network Strategy

Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.

Click here to view whitepaper!

Comments (6)
Login
Forgot your account info?

VoIP Vulnerabilities versus Voice VulnerabilitiesBy Rick J on June 26, 2008, 11:21 pmClearly, it's important to find/fix vulnerabilities in VoIP applications. At the same time, there are a number of important and active risks posed by voice networks...

Reply | Read entire comment

VoIP Vulnerabilities versus Voice VulnerabilitiesBy Rick J on June 26, 2008, 7:20 pmClearly, it's important to find/fix vulnerabilities in VoIP applications. At the same time, there are a number of important and active risks posed by voice networks...

Reply | Read entire comment

i cant find anything about this on CCO; did anything transpire?By Anonymous on June 25, 2008, 7:43 pmi cant find anything about this on CCO; did anything transpire?

Reply | Read entire comment

so were is the annoucementBy Anonymous on June 25, 2008, 7:39 pmSo were is the noon annoucement

Reply | Read entire comment

Today is the day!By Anonymous on June 25, 2008, 3:50 pmThe announcement is only minutes away...I wonder if any of the big-name companies will be in the news this week (if they don't patch). A link to this article can...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.