Avaya, Cisco and Nortel Patching VoIP ASAP

Doug Mohney — Tue, 24 Jun 2008 22:48:49 -0400

VoIP customers of Avaya, Cisco and Nortel should be on the lookout for patches today by 12 p.m. EDT to correct security vulnerabilities discovered by VoIPshield Laboratories.

According to Network World, VoIPShield earlier found and quietly reported the problems to the three vendors to give them time to develop patches for the flaws. Details of the vulnerabilities and vendor fixes are scheduled to be released in a simultaneous announcement between the three VoIP vendors and the security company. Two of the three vendors are expected to issue patches with the third to issue an advisory.

Vulnerabilities found affect VoIP PBXes and softphone software. If exploited, consequences could include remote code execution, unauthorized access, denial of service, and information harvesting.

Avaya, Cisco and Nortel were chosen by VoIPshield for testing because they represent the bulk of IP PBX sales in North America. Microsoft has been included in the next round of testing with results expected to be announced in about four months.

For more
- Network World reports Avaya, Cisco and Nortel VoIP vulnerabilities

Related articles:
Newport Networks Riles Up VoIP Security Fears
Circle the wagons, enterprise VoIP is under attack
Nortel Adds VoIP Security Thru SecureLogix

Security Company

Avaya, Cisco and Nortel Patching VoIP ASAP