SES SIP Credential Reuse
The Avaya Communication Manager and the SIP Enablement Services (SES) allow leveraging the SIP protocol to improve the connectivity and openness of Communication Manager by allowing SIP-based clients to connect to the Communication Manager.
SIP users typically employ basic authentication in order to authenticate to the server. Due to a flaw in the authentication it is possible to reuse valid credentials for unauthorized access or to overflow the server and cause a DoS.
Communication Manager 3.1.x, Communication Manager 4.x
In order to address this vulnerability Avaya recommends upgrade to SES ver 5.1 or later. More details could be found in http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm
In the short term it is recommended that a VoIP aware IPS product, such as VoIPguard, with signatures to detect attempts to exploit this issue, be implemented to prevent it from being exploited. Implementing best practices can limit the exposure of this issue by disallowing SIP access from unauthorized network locations.
Implementing stronger authentication can assist in reducing the number of attackers in a position to exploit the issue, though requires additional system management effort.
Avaya customers with a valid support agreement may wish to speak with their support contact in order to obtain further vendor details.
Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.
Click on a level for description
Vendor Response LegendPatch available
Attempting to address the issue
No vendor response