 |
 |
    |
SIP parsing error in Avaya one-X Desktop Edition may allow an attacker to disconnect it from the server and crash
OverviewAn implementation error in SIP message parsing module of Avaya one-X Desktop Edition SIP phone may allow a remote attacker to crash the phone. ImpactSuccessfully sending a malformed message to the phone crashes the phone causing denial of service to user. Description
Avaya one-X™ Desktop Edition, formerly Avaya SIP soft phone, transforms Windows-based PCs into SIP-based collaboration endpoints. A SIP header parsing error exists in Avaya one-X phone which may allow a remote attacker to cause the phone to enter in an error state causing it to display an error message meaning “Connection to server was lost. The phone will now exit. Please restart the phone”. Clicking OK on such message shuts down the phone and it must be restarted. Sending such messages to multiple phones may cause denial of service to several users. Related Links
Phone SIP stack implementation should be patched to prevent exploiting such vulnerability. Vendor Response:Avaya: The official response for the one-X Desktop Edition vulnerabilities, ASA-2007-241, is posted at http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com |
UC Security Defined
Sipera Systems, the leader in real-time Unified
Communications (UC) security, is the choice of enterprises
and service providers around the world to support their
mission-critical UC deployments.
Sipera offers groundbreaking, production-proven solutions
that secure voice, video, messaging, collaboration, and
other real-time communications in converged IP networks,
boosting compliance with information security requirements.
Backed by the industry-leading research of the VIPER lab,
Sipera's solutions provide comprehensive threat protection,
policy enforcement, access control, and encryption in a
single flexible appliance.