VoIPshield Labs

VoIPshield System stopped publishing new vulnerabilities as of November 2008. If you are interested in newest VoIP vulnerabilities please send an email to info@voipshield.com.

Subscribe RSS

Use the Search field or Category and Vendor filters to navigate the database of vulnerabilities. Click vulnerability for details.

Severity	Tracking ID	Category	Vendor	Product	Released
Microsoft Communicator Emoticon Denial of Service
	VSRMS-2008-001	Denial of Service	Microsoft	Microsoft Communicator	2008-11-11
Microsoft Communicator Real-time Transport Control Protocol Report Block Denial of Service
	VSRMS-2008-002	Denial of Service	Microsoft	Microsoft Communicator	2008-11-11
Microsoft Communicator INVITE Flood Denial of Service
	VSRMS-2008-003	Denial of Service	Microsoft	Microsoft Communicator	2008-11-11
Nortel Multimedia Communications Server 5100 Call Spoofing and Redirection
	VSRNT-2008-010	Unauthorized Access	Nortel	Multimedia Communications Server 5100 3.x	2008-10-08
Nortel Multimedia Communications Server 5100 IP Client Manager UNIStim File Transfer Protocol - Connection Details
	VSRNT-2008-011	Denial of Service	Nortel	Multimedia Communications Server 5100 3.x	2008-10-08
Avaya Communication Manager Web Administration Interface - Privilege Elevation Vulnerability
	VSRAV-2008-007	Code Execution	Avaya	Communication Manager 4.x	2008-10-08
Avaya Communication Manager Web Administration Interface - Code Execution Vulnerability
	VSRAV-2008-007	Code Execution	Avaya	Communication Manager 4.x	2008-10-08
Avaya Communication Manager Unauthorized Web Access
	VSRAV-2008-008	Unauthorized Access	Avaya	Communication Manager 4.x	2008-10-08
Avaya one-X Desktop Edition Session Initiation Protocol Denial of Service
	VSRAV-2008-009	Denial of Service	Avaya	Avaya one-X Desktop Edition 2.1	2008-10-08
Avaya IP Softphone H.323 Denial of Service
	VSRAV-2008-010	Denial of Service	Avaya	Avaya IP Softphone 6.0 SP4	2008-10-08
Cisco Unity Authentication Bypass
	VSRCS-2008-008	Unauthorized Access	Cisco	Cisco Unity 7.0	2008-10-08
Cisco Unity Stored Cross-Site Scripting Vulnerability
	VSRCS-2008-009	Code Execution	Cisco	Cisco Unity 7.0	2008-10-08
Cisco Unity Session Exhaustion Denial of Service
	VSRCS-2008-010	Denial of Service	Cisco	Cisco Unity 7.0	2008-10-08
Cisco Unity Multiple Denial of Service Vulnerabilities
	VSRCS-2008-011	Denial of Service	Cisco	Cisco Unity 7.0, Other	2008-10-08
Cisco Unity Reports Information Disclosure
	VSRCS-2008-012	Unauthorized Access	Cisco	Cisco Unity 7.0	2008-10-08
CS1000 Oversized Command DoS
	VSRNT-2008-006	Denial of Service	Nortel	Communications Server 1000 4.50.x	2008-06-25
Serviceability Monitoring Tool Unauthenticated Access to Phone Device Search Function
	VSRCS-2008-006	Unauthorized Access	Cisco	Call Manager 4.x, Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
Serviceability Monitoring Tool Unauthenticated Access to Server Processes Function
	VSRCS-2008-006	Unauthorized Access	Cisco	Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
SIP Enablement Service View/Restore Data Configuration Privilege Elevation
	VSRAV-2008-004	Code Execution	Avaya	Communication Manager 3.1.x, Communication Manager 4.x	2008-06-25
Communication Manager View/Restore Data Credential Privilege Elevation
	VSRAV-2008-004	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Communication Manager System Log Viewer Arbitrary Command Execution
	VSRAV-2008-004	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Serviceability Monitoring Tool Unauthenticated Access to Search Lines Function
	VSRCS-2008-006	Unauthorized Access	Cisco	Call Manager 4.x, Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
MCS5100 Wireless Client Manager Session Initiation Protocol Proxy DoS
	VSRNT-2008-008	Denial of Service	Nortel	Multimedia Communications Server 5100 3.x	2008-06-25
SIP Multimedia PC Client Unlimited Session DoS
	VSRNT-2008-007	Denial of Service	Nortel	SIP Multimedia PC Client 4.x	2008-06-25
SIP Multimedia PC Client Unauthenticated Cross Domain Access
	VSRNT-2008-009	Unauthorized Access	Nortel	Other, SIP Multimedia PC Client 4.x	2008-06-25
Call Manager CTIManager DoS
	VSRCS-2008-005	Denial of Service	Cisco	Call Manager 4.x, Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
Unified Communications Manager CTIManager DoS
	VSRCS-2008-005	Denial of Service	Cisco	Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
Serviceability Monitoring Tool Unauthenticated Access to Critical Services Function
	VSRCS-2008-006	Unauthorized Access	Cisco	Unified Communications Manager 5.x, Unified Communications Manager 6.x	2008-06-25
SIP Enablement Service Web Interface Application Server Configuration Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Database Server Configuration Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server DNS Lookup Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server Ping Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server Network Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server External Hosts Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server External Hosts Add/Change Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server Windows Domain Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server Time Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server Alarm Configuration Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Command Line History Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server FTP Remote Storage Arbitrary Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
Message Storage Server SFTP Remote Storage Command Execution
	VSRAV-2008-005	Code Execution	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Password Decryption Utility Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Database Password Decryption Utility Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Password Encryption Utility Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Certificate Utility Disclosure
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Objects Folder Script Execution
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Default Application Execution
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface States Folder Script Execution
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Server Configuration Information Application Execution
	VSRAV-2008-004	Unauthorized Access	Avaya	Communication Manager 3.1.x	2008-06-25
SIP Enablement Service Web Interface Unrestricted Help Access
	VSRAV-2008-004	Information Gathering	Avaya	Communication Manager 3.1.x	2008-06-25

<< Start < Previous Next > End >>
Display #		Results 1 - 50 of 97

Each line represents an individual vulnerability or group of vulnerabilities. For example, "UCM Multiple Hardcoded Passwords" is presented here in a single line but was reported to Nortel as sixteen (16) individual vulnerabilities.

Severity Legend

Click on a level for description

Low

A low severity issue falls into one of two categories. Firstly, there are those that are not directly exploitable and affect a single IP client, a small subset of the deployment, or are quite innocuous taken by themselves. In other words, they provide information which either involves only a small number (or single) client and that information requires considerable other information or effort to be useful to an attacker. The other category of low severity issues includes those that are best practices which are not intended to directly mitigate an exploitable risk but to increase overall security robustness and demonstrate due diligence.

Medium

A medium severity issue is typically an issue which can lead to further exploitation or provides short-lived effect on a minimal number of clients. It may not be immediately exploitable but provides sufficient information or access to move an attack closer to fruition. Alternately it may provide unauthorized access not directly related to the VoIP portion of the network.

High

A high severity issue can be exploited to compromise one or more nodes within the deployment but may require authentication, especially when exploiting multiple systems simultaneously. In addition, it may be possible to protect against untrusted exploitation of the issue by deploying traditional security tools.

Critical

A critical severity issue can be exploited by an untrusted individual to compromise the entire deployment under review. There are no security or protective mechanisms in place that will mediate exploitation of this vulnerability by an untrusted individual.

Vendor Response Legend

Patch available

Workaround proposed

Attempting to address the issue

No vendor response