VoIPshield Systems stopped publishing new vulnerabilities as of November 2008. If you are interested in the newest VoIP vulnerabilities, please send an email to info@voipshield.com.

  


| Vulnerability | Severity | Tracking ID | Category | Vendor | Product | Released | Response |
|---|---|---|---|---|---|---|---|
| SES SIP Credential Reuse | 4 | VSRAV-2008-002 | Unauthorized Access | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | workaround |
| UCM Multiple Hardcoded Passwords | 4 | VSRCS-2008-001 | Unauthorized Access | Cisco | Unified Communications Manager 5.x | 2008-04-01 | att_issue |
| CS1000 Multiple Hardcoded Passwords | 4 | VSRNT-2008-003 | Unauthorized Access | Nortel | Communications Server 1000 4.50.x | 2008-04-01 | att_issue |
| IM SMS Ping Code Execution | 2 | VSRAV-2008-001 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| CS1000 FTP Session Limit Exhaustion | 4 | VSRNT-2008-001 | Denial of Service | Nortel | Communications Server 1000 4.50.x | 2008-04-01 | att_issue |
| IM SMS Log Viewer Code Execution | 2 | VSRAV-2008-001 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| IM SMS Arbitrary File Deletion | 3 | VSRAV-2008-001 | Unauthorized Access | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| IM SMS File Existence Flaw | 2 | VSRAV-2008-001 | Unauthorized Access | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| SES SIP SQL Injection | 3 | VSRAV-2008-002 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | workaround |
| SES SIP SQL Denial of Service | 3 | VSRAV-2008-002 | Denial of Service | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | workaround |
| SPIM Unauthenticated SQL Injection | 4 | VSRAV-2008-003 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | workaround |
| IM SMS Hostname Privilege Elevation | 3 | VSRAV-2008-001 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| IM SMS Route Privilege Elevation | 3 | VSRAV-2008-001 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | att_issue |
| SPIM Permissions SQL Injection | 3 | VSRAV-2008-003 | Code Execution | Avaya | Communication Manager 3.1.x, Communication Manager 4.x | 2008-04-01 | workaround |
| Nortel UNIStim IT Sequence Number Intercept | 4 | VSRNT-2008-002 | Unauthorized Access | Nortel | UNIStim Clients and Servers | 2008-04-01 | patch |
| Web Application Structure Disclosure | 1 | VSRNT-2008-004 | Information Gathering | Nortel | Communications Server 1000 4.50.x | 2008-04-01 | att_issue |
| DRF Get Registration Command Injection | 1 | VSRCS-2008-002 | Information Gathering | Cisco | Unified Communications Manager 5.x | 2008-04-01 | patch |
| DRF Get Schedule Command Injection | 1 | VSRCS-2008-002 | Information Gathering | Cisco | Unified Communications Manager 5.x | 2008-04-01 | patch |
| Address Book SQL Injection | 3 | VSRCS-2008-003 | Code Execution | Cisco | Unified Communications Manager 5.x | 2008-04-01 | att_issue |
| Unauthenticated Alarm Application Access | 2 | VSRCS-2008-003 | Unauthorized Access | Cisco | Unified Communications Manager 5.x | 2008-04-01 | att_issue |
Results 1 - 20 of 97
 

Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.

Severity Legend

Low

A low severity issue falls into one of two categories. Firstly, there are those that are not directly exploitable and affect a single IP client, a small subset of the deployment, or are quite innocuous taken by themselves. In other words, they provide information that involves only a small number of clients (or a single client), and that information requires considerable other information or effort to be useful to an attacker. The other category of low severity issues includes those that are best practices which are not intended to directly mitigate an exploitable risk but to increase overall security robustness and demonstrate due diligence.

Medium

A medium severity issue is typically an issue which can lead to further exploitation or has a short-lived effect on a minimal number of clients. It may not be immediately exploitable but provides sufficient information or access to move an attack closer to fruition. Alternatively, it may provide unauthorized access not directly related to the VoIP portion of the network.

High

A high severity issue can be exploited to compromise one or more nodes within the deployment but may require authentication, especially when exploiting multiple systems simultaneously. In addition, it may be possible to protect against untrusted exploitation of the issue by deploying traditional security tools.

Critical

A critical severity issue can be exploited by an untrusted individual to compromise the entire deployment under review.  There are no security or protective mechanisms in place that will mediate exploitation of this vulnerability by an untrusted individual.

Vendor Response Legend

Patch available
Workaround proposed
Attempting to address the issue
No vendor response
Copyright © VoIPshield Systems Inc. All rights reserved.