More Vulnerabilities with Pingtel xpressa SIP-based IP phones

2002-08-22T00:00:00
ID SECURITYVULNS:DOC:3400
Type securityvulns
Reporter Securityvulns
Modified 2002-08-22T00:00:00

Description

The Sys-Security Group Security Advisory

"More Vulnerabilities with Pingtel xpressa SIP-based IP Phones"

Release Date: 08/20/2002
Affected Platforms: Pingtel xpressa SIP IP phones model PX-1 with software version 2.0.1 and below; Pingtel instant xpressa softphones with software version 2.0.1 and below
Severity: High
Author: Ofir Arkin (ofir@sys-security.com)

Summary

Pingtel (http://www.pingtel.com) develops intelligent Java-based voice-over-IP phones and softphones for service providers and enterprises.

Using the vulnerabilities enumerated within this advisory, it is possible to jeopardize critical telephony infrastructure based on Pingtel's xpressa SIP-based IP phones and softphones. Additionally, certain vulnerabilities allow an attacker to take complete control over an IP phone or a softphone node, either directly or by circumventing other SIP entities on the network by abusing the 'node's credentials'.

The most severe issue discussed is the way an attacker can exploit vulnerabilities with MyPingtel Portal (http://my.pingtel.com) to subvert a VoIP infrastructure which includes IP Phones and/or softphones from Pingtel.

Full Details in PDF format (~500kb): http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_Phones.pdf

Full Details in HTML format: http://www.sys-security.com/archive/advisories/html/More_Vulnerabilities_with_Pingtel_xpressa_Phones.htm

Moderated text version is attached to this email and available from: http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

For more information: http://www.sys-security.com Copyright (c) The Sys-Security Group 2002, all rights reserved.