Nortel IP Phones是一款IP电话应用方案。
Nortel IP Phones存在设计错误,远程攻击者可以利用漏洞对设备进行窃听,导致敏感信息泄露。
如果正确的UNIStim消息发送给IP电话,IP电话可进入surveillance模式,UNIStim消息ID必须匹配信号服务器和IP电话间的可预期ID,协议使用16位大小作为ID数字,如果恶意用户发送65536个所有可能ID号的伪造UNIStim消息,可导致消息被窃听,造成敏感信息泄露。
Nortel Networks Universal Access - IP 0
Nortel Networks Survivable Remote Gateway 50
Nortel Networks Survivable Remote Gateway 200/400
Nortel Networks Succession Multimedia Communications 0
Nortel Networks Packet Transit - IP 0
Nortel Networks Mobile Voice Client 2050
Nortel Networks Meridian 1 - Option 81C 0
Nortel Networks Meridian 1 - Option 61C 0
Nortel Networks Meridian 1 - Option 51C 0
Nortel Networks Meridian 1 - Option 11C 0
Nortel Networks Meridian 1 - Option11C Mini
Nortel Networks IP softphone 2050
Nortel Networks IP Phone 2007
Nortel Networks IP Phone 2004
Nortel Networks IP Phone 2002
Nortel Networks IP Phone 2001
Nortel Networks IP Phone 1150E
Nortel Networks IP Phone 1140E
Nortel Networks IP Phone 1120E
Nortel Networks IP Phone 1110
Nortel Networks IP Audio Conference Phone 2033
Nortel Networks Integrated Access - Cable 0
Nortel Networks Extended Peripheral Module 0
Nortel Networks Communications Server 2100
Nortel Networks Communication Server 1000S
Nortel Networks Communication Server 1000M Cabinet/Chassi
Nortel Networks Communication Server 1000E
Nortel Networks Circuit Switching 0
Nortel Networks Centrex IP Element Manager 0
Nortel Networks Centrex IP Client Manager
Nortel Networks Business Communications Manager
Nortel Networks BCM 50
Nortel Networks BCM 400
Nortel Networks BCM 1000
可参考如下安全公告获得补丁信息:
<a href="http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY" target="_blank">http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY</a>
京ICP备10040895号
暂无评论