
Weak authentication vulnerability in Snom-320 SIP phone may allow a remote attacker to misuse the phone

Advisory Number: VIPER-2007-036
Release Date: 2007.05.15
Source: Sipera VIPER Lab
Systems Affected: Snom 320 SIP Phone (Kernel Version: snom320 linux 3.25, Application-Version: snom320-SIP 6.2.3, Rootfs-Version: snom320 jffs2 v3.36)
Category: Desk SIP Phone Weak Authentication
Severity: Medium

Overview

A weak-authentication vulnerability in the HTTP implementation of the Snom-320 SIP phone may allow a remote attacker to invoke the phone's calling features without authentication.

Impact

An attacker may cause multiple phones in an enterprise to ring simultaneously, causing havoc. Toll calls may also be initiated on behalf of unsuspecting users.

Description

The Snom-320 SIP phone is a remotely manageable and firmware-upgradeable SIP business telephone. It uses the SIP protocol to provide VoIP services to business users. The Snom-320 has a built-in web server which supports end-user configuration. The built-in web server listens on the standard HTTP port 80.

In addition to port 80, the Snom-320 phone has TCP port 1800 open and accessible over HTTP. If a remote attacker is able to send an HTTP GET request to port 1800 of a Snom-320 phone, s/he may misuse the phone to call an arbitrary number. Successfully sending such HTTP requests to several phones in an enterprise will ring a large number of phones simultaneously. Where SIP trunking is in use, the attacker may be able to initiate calls to toll numbers on behalf of unsuspecting users and increase billing.
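Until the phone firmware is patched, the exposure described above is easiest to spot on the network side. The following is an added example, not part of this advisory and not code from Snom or Sipera: it reads constructed firewall-style connection logs, keeps only TCP connections to port 1800 on the phone VLAN that do not originate from a management host, and then flags any source that reaches several phones within a few seconds, which is the "ring many phones at once" pattern the advisory describes. The log line format, the phone subnet 10.1.7.0/24 and the management host 10.1.9.5 are assumptions for the example.

```python
"""Flag unexpected access to TCP port 1800 on Snom 320 phones in
firewall-style connection logs (added detection example; the log
format, subnet and management host below are assumptions)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample log lines, not captures from a real network.
SAMPLE_LOG = """\
2007-05-15T10:00:01 ACCEPT TCP 10.1.5.20:51234 -> 10.1.7.101:1800
2007-05-15T10:00:01 ACCEPT TCP 10.1.5.20:51235 -> 10.1.7.102:1800
2007-05-15T10:00:02 ACCEPT TCP 10.1.5.20:51236 -> 10.1.7.103:1800
2007-05-15T10:00:02 ACCEPT TCP 10.1.9.5:40000 -> 10.1.7.104:80
2007-05-15T10:00:03 ACCEPT TCP 10.1.5.20:51237 -> 10.1.7.104:1800
2007-05-15T10:30:00 ACCEPT TCP 10.1.9.5:40001 -> 10.1.7.101:1800
"""

PHONE_SUBNET = ipaddress.ip_network("10.1.7.0/24")   # assumed phone VLAN
MGMT_HOSTS = {ipaddress.ip_address("10.1.9.5")}      # assumed admin station
SNOM_CALL_PORT = 1800                                # port named in the advisory

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "src": ipaddress.ip_address(m.group("src")),
        "dst": ipaddress.ip_address(m.group("dst")),
        "dport": int(m.group("dport")),
    }


def find_unauthorized_access(log_text):
    """Return connections to port 1800 on the phone subnet that did not come
    from a management host. Other ports and malformed lines are ignored."""
    events = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["dport"] != SNOM_CALL_PORT:
            continue
        if ev["dst"] not in PHONE_SUBNET or ev["src"] in MGMT_HOSTS:
            continue
        events.append(ev)
    return events


def find_mass_ring_bursts(events, window=timedelta(seconds=10), min_phones=3):
    """Map source address -> largest number of distinct phones it reached
    on port 1800 inside any `window`; only sources at or above
    `min_phones` are reported (the simultaneous-ring pattern)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    bursts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(evs):
            # Distinct phones hit within `window` of this event's timestamp.
            phones = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            best = max(best, len(phones))
        if best >= min_phones:
            bursts[str(src)] = best
    return bursts


if __name__ == "__main__":
    hits = find_unauthorized_access(SAMPLE_LOG)
    for ev in hits:
        print(f"{ev['ts'].isoformat()} {ev['src']} -> {ev['dst']}:{ev['dport']}")
    print("burst sources:", find_mass_ring_bursts(hits))
```

In the sample, the single connection from the management host is ignored, while 10.1.5.20 reaches four phones within three seconds and is reported as a burst source. The same pattern (one source, many phones, short window) is the alert worth raising regardless of the log format you actually have.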

Solution

The phone's web-server implementation should be patched to require authentication for access to port 1800.

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

Unified Communications Unleashed
Sipera Systems is the worldwide market leader in solutions for the rapid and simple adoption of Unified Communications (UC). Thousands of users around the globe rely on Sipera to secure VoIP, IP video, collaboration, messaging and dozens of other high-performance applications. Sipera’s groundbreaking “Borderless UC” enables controlled communications to any device in any location.

Years of UC Security experience is contained in Sipera unified communications (UC-Sec) products. These appliances benefit from the research conducted by Sipera VIPER Lab to provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance.

© Copyright 2006-2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER and related services are trademarks of Sipera Systems, Inc.