Nortel UNIStim IT Sequence Number Intercept
UNIStim is the proprietary protocol used for signaling within a Nortel PBX environment. The protocol includes the ability to change from one legitimate server to another.
However, an attacker could take advantage of this by using a series of two commands to assume control of a UNIStim client. Issuing the new commands requires the correct sequence number, which can be determined with a simple sniffing or brute-force attack. The result can be a Denial of Service, etc.
UNIStim Clients and Servers
Completely addressing the issue requires implementing the secure version of UNIStim, which in turn may require a proxy system for the server as well as additional administration effort. In the short term, it is recommended that a VoIP-aware IPS product, such as VoIPguard, with signatures that detect attempts to exploit this issue, be implemented to prevent exploitation. Implementing best practices can limit exposure to this issue: it is recommended that only authorized systems and users be allowed to communicate using UNIStim and that appropriate access be implemented on network switches.
Nortel customers with a valid support agreement may wish to speak with their support contact in order to obtain further vendor details.
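The short-term detection approach recommended above can be sketched as follows. This is an added example, not code from the advisory, Nortel, or any IPS product. It assumes a sensor has already parsed server-to-phone UNIStim datagrams into `(timestamp, src_ip, dst_ip, seq)` records and that a legitimate server's sequence numbers rise by one per datagram; the addresses, thresholds and function name are hypothetical.

```python
from collections import defaultdict, deque

# Assumptions (not from the advisory): allowlisted call server, tuning values.
AUTHORIZED_SERVERS = {"10.0.0.10"}   # constructed address
WINDOW_SECONDS = 10.0                # look-back window for out-of-sequence datagrams
MAX_OUT_OF_SEQUENCE = 5              # tolerated misses per phone inside the window


def detect(records):
    """Return ordered, de-duplicated alerts as (kind, src_ip, dst_ip) tuples."""
    alerts = []
    expected = {}                    # phone -> next sequence number we expect
    misses = defaultdict(deque)      # phone -> timestamps of unexpected sequence numbers

    def emit(kind, src, dst):
        if (kind, src, dst) not in alerts:
            alerts.append((kind, src, dst))

    for ts, src, dst, seq in sorted(records):
        # Best practice from the advisory: only authorized systems speak UNIStim.
        if src not in AUTHORIZED_SERVERS:
            emit("unauthorized_source", src, dst)
        # First datagram seen for a phone, or the in-order one: advance the counter.
        if dst not in expected or seq == expected[dst]:
            expected[dst] = seq + 1
            continue
        # A repeat of the last accepted number is treated as a retransmission.
        if seq == expected[dst] - 1:
            continue
        # Anything else is out of sequence. Tracking per phone rather than per
        # source keeps the check useful when the source address is spoofed.
        window = misses[dst]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_OUT_OF_SEQUENCE:
            emit("sequence_guessing", src, dst)
    return alerts


# Constructed sample: normal traffic, then a run of guessed sequence numbers
# carrying the server's address, then a datagram from a host not on the allowlist.
SAMPLE = [(0.0, "10.0.0.10", "10.0.1.50", 100),
          (1.0, "10.0.0.10", "10.0.1.50", 101),
          (2.0, "10.0.0.10", "10.0.1.50", 102)]
SAMPLE += [(3.0 + 0.1 * i, "10.0.0.10", "10.0.1.50", 5000 + i) for i in range(8)]
SAMPLE += [(4.0, "10.0.9.9", "10.0.1.51", 7)]
```

The allowlist check alone misses spoofed traffic, which is why the per-phone sequence check runs regardless of the source address.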
Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.