topleft topright
         

Use the Search field or Category and Vendor filters to navigate the database of vulnerabilities. Click vulnerability for details.

Severity Title Category Vendor Product Released Response
3 Nortel Multimedia Communications Server 5100 Call Spoofing and Redirection Unauthorized Access Nortel Multimedia Communications Server 5100 3.x 2008-10-08 att_issue
3 Nortel Multimedia Communications Server 5100 IP Client Manager UNIStim File Transfer Protocol - Connection Details Denial of Service Nortel Multimedia Communications Server 5100 3.x 2008-10-08 att_issue
3 Avaya Communication Manager Web Administration Interface - Privilege Elevation Vulnerability Code Execution Avaya Communication Manager 4.x 2008-10-08 patch
3 Avaya Communication Manager Web Administration Interface - Code Execution Vulnerability Code Execution Avaya Communication Manager 4.x 2008-10-08 patch
2 Avaya Communication Manager Unauthorized Web Access Unauthorized Access Avaya Communication Manager 4.x 2008-10-08 att_issue
3 Avaya one-X Desktop Edition Session Initiation Protocol Denial of Service Denial of Service Avaya Avaya one-X Desktop Edition 2.1 2008-10-08 att_issue
3 Avaya IP Softphone H.323 Denial of Service Denial of Service Avaya Avaya IP Softphone 6.0 SP4 2008-10-08 att_issue
4 Cisco Unity Authentication Bypass Unauthorized Access Cisco Cisco Unity 7.0 2008-10-08 patch
3 Cisco Unity Stored Cross-Site Scripting Vulnerability Code Execution Cisco Cisco Unity 7.0 2008-10-08 att_issue
4 Cisco Unity Session Exhaustion Denial of Service Denial of Service Cisco Cisco Unity 7.0 2008-10-08 patch
4 Cisco Unity Multiple Denial of Service Vulnerabilities Denial of Service Cisco Cisco Unity 7.0 2008-10-08 att_issue
2 Cisco Unity Reports Information Disclosure Unauthorized Access Cisco Cisco Unity 7.0 2008-10-08 patch
4 CS1000 Oversized Command DoS Denial of Service Nortel Communications Server 1000 4.50.x 2008-06-25 att_issue
3 Serviceability Monitoring Tool Unauthenticated Access to Phone Device Search Function Unauthorized Access Cisco Call Manager 4.x, Unified Communications Manager 5.x, Unified Communications Manager 6.x 2008-06-25 patch
3 Serviceability Monitoring Tool Unauthenticated Access to Server Processes Function Unauthorized Access Cisco Unified Communications Manager 5.x, Unified Communications Manager 6.x 2008-06-25 patch
3 SIP Enablement Service View/Restore Data Configuration Privilege Elevation Code Execution Avaya Communication Manager 3.1.x, Communication Manager 4.x 2008-06-25 att_issue
3 Communication Manager View/Restore Data Credential Privilege Elevation Code Execution Avaya Communication Manager 3.1.x 2008-06-25 att_issue
2 Communication Manager System Log Viewer Arbitrary Command Execution Code Execution Avaya Communication Manager 3.1.x 2008-06-25 att_issue
3 Serviceability Monitoring Tool Unauthenticated Access to Search Lines Function Unauthorized Access Cisco Call Manager 4.x, Unified Communications Manager 5.x, Unified Communications Manager 6.x 2008-06-25 patch
4 MCS5100 Wireless Client Manager Session Initiation Protocol Proxy DoS Denial of Service Nortel Multimedia Communications Server 5100 3.x 2008-06-25 workaround
<< Start < Previous Next > End >>
Display # Results 1 - 20 of 93
 

Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.

VoIPshield Systems Vendor Disclosure Policy

Severity Legend

Click on a level for description
Low

A low severity issue falls into one of two categories.  Firstly, there are those that are not directly exploitable and affect a single IP client, a small subset of the deployment, or are quite innocuous taken by themselves. In other words, they provide information which either involves only a small number (or single) client and that information requires considerable other information or effort to be useful to an attacker.  The other category of low severity issues includes those that are best practices which are not intended to directly mitigate an exploitable risk but to increase overall security robustness and demonstrate due diligence.

Read More

Medium

A medium severity issue is typically an issue which can lead to further exploitation or provides short-lived effect on a minimal number of clients.  It may not be immediately exploitable but provides sufficient information or access to move an attack closer to fruition.  Alternately it may provide unauthorized access not directly related to the VoIP portion of the network.

Read More

High

A high severity issue can be exploited to compromise one or more nodes within the deployment but may require authentication, especially when exploiting multiple systems simultaneously. In addition, it may be possible to protect against untrusted exploitation of the issue by deploying traditional security tools.

Read More

Critical

A critical severity issue can be exploited by an untrusted individual to compromise the entire deployment under review.  There are no security or protective mechanisms in place that will mediate exploitation of this vulnerability by an untrusted individual.

Read More

Vendor Response Legend

Patch available
Workaround proposed
Attempting to address the issue
No vendor response
info@voipshield.com | Privacy Policy | Sitemap
Copyright © VoIPshield Systems Inc. All rights reserved.