JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service (DoS).

Impact

An attacker may cause system down and reboot of the products by sending a specially crafted command.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.
The developer has released the following versions.

• UNIVERGE Aspire WX 4.00 or the later
• UNIVERGE Aspire UX 9.80 or the later
• UNIVERGE SV9100 11.00 or the later
• SL2100 3.10 or the later

Apply Workarounds
The following workarounds may mitigate the affects of this vulnerability.

• Disable the remote system maintenance feature.
• Do not directly connect the products to an external network such as the Internet.
  Note that the products’ remote system maintenance feature is disabled by default.

Products Affected

• UNIVERGE Aspire WX from 1.00 to 3.51
• UNIVERGE Aspire UX from 1.00 to 9.70
• UNIVERGE SV9100 from 1.00 to 10.70
• SL2100 from 1.00 to 3.00