VoIPshield Laboratories, the research division of VoIPshield Systems Inc., today made its second announcement of se...
June 25, 2008
VoIPshield Laboratories, the research division of VoIPshield Systems Inc., today made its second announcement of security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel.
This brings the total number of vulnerability groups reported to VoIP vendors in 2008 to over 50, representing over 175 unique vulnerabilities.
The vulnerability groups will be disclosed in limited detail on VoIPshield’s website at www.voipshield.com starting at noon EDT today.
Vulnerabilities are categorized into four exploit types based on their most likely malicious intent: remote code execution; unauthorized access; denial of service; and information harvesting.
Under its Responsible Disclosure Policy, VoIPshield works with the VoIP vendors to assist them in reproducing the vulnerabilities in their labs, thus facilitating the development of software patches for the affected products. Avaya, Cisco and Nortel are acknowledging these vulnerabilities today on their Web sites, and issuing their own security advisories.