Internet Telephony Product of the Year

Weak authentication vulnerability in Snom-320 SIP phone may allow a remote attacker to misuse the phone

Advisory Number: VIPER-2007-036
Release Date: 2007.05.15
Source: Sipera VIPER Lab
Systems Affected: Snom 320 SIP Phone (Kernel Version: snom320 linux 3.25, Application-Version: snom320-SIP 6.2.3, Rootfs-Version: snom320 jffs2 v3.36)
Category: Desk SIP Phone Weak Authentication
Severity: Medium

Overview

A weak-authentication vulnerability in http implementation of Snom-320 SIP phone may allow a remote attacker to invoke phones calling features without authentication.

Impact

Attacker may cause multiple phones in an enterprise to ring simultaneously causing havoc. Toll calls may also be initiated on behalf of un-suspecting users.

Description

Snom-320 SIP phone is a remote-manageable and firmware-upgradeable SIP business telephone. It uses SIP protocol to provide VoIP services to business users. Snom-320 has a built-in web server which supports end-user configuration. The built-in web server listens on standard http port 80.

In addition to port 80, Snom-320 phone has TCP port 1800 open and accessible through http. If a remote attacker is able to send an HTTP GET request to port 1800 of Snom-320 phone, s/he may misuse the phone to call a random number. Successfully sending such random http requests to several phones in an enterprise will ring large number of phones simultaneously. In case of SIP Trunking, attacker may be able to initiate calls to toll numbers on behalf of un-suspecting users and increase billing.

Solution

Phone web-server implementation should be patched to authenticate access to port 1800.

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

UC Security Defined
Sipera Systems, the leader in real-time Unified Communications (UC) security, is the choice of enterprises and service providers around the world to support their mission-critical UC deployments.
Sipera offers groundbreaking, production-proven solutions that secure voice, video, messaging, collaboration, and other real-time communications in converged IP networks, boosting compliance with information security requirements.
Backed by the industry-leading research of the VIPER lab, Sipera's solutions provide comprehensive threat protection, policy enforcement, access control, and encryption in a single flexible appliance.

© Copyright 2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, SLiC, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc.