Network World - Voice-over-IP (VoIP) customers of Avaya, Cisco and Nortel should look Wednesday for patches that correct newly found vulnerabilities that, if exploited, can result in remote code execution, unauthorized access, denial of service and information harvesting.
The vulnerabilities were found by VoIPshield Laboratories, the research division of VoIPshield Systems Inc., and reported earlier to the three vendors to give them time to develop patches for the flaws, said Rick Dalmazzi, president and CEO of VoIPshield. Details of the vulnerabilities and the vendor responses are scheduled to be released Wednesday at noon Eastern time. Dalmazzi would not reveal more details because his company and the affected VoIP vendors agreed to a simultaneous announcement.
He said he believes two of the three vendors will have patches available Wednesday and the third will issue an advisory.
The vulnerabilities affect voice servers -- VoIP PBXes -- and softphone software that runs on laptops and desktops, Dalmazzi said. (Compare IP PBX products.)
VoIPshield ranks most of the vulnerabilities found as either critical or high, the two most severe rankings on its four-step scale.
Avaya, Cisco and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America, Dalmazzi said. The company has included Microsoft in its next round of testing, the results of which will come out in about four months.
VoIPshield Systems makes VoIP vulnerability testing software and an intrusion-prevention system designed for VoIP.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
