Mitel Voice Over IP Servers Disclose Calling Data to Remote Users
|
|
SecurityTracker Alert ID: 1007311
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 28 2003
|
Impact: Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Description: A vulnerability was reported in Mitel's voice over IP (VoIP) systems. A remote user can obtain information about calls made via the system.
Acme reported that a remote user can connect to the target server's telnet port when a call is in place to gain information about
the call in progress.
A remote user can attempt to login several times without success. However, when an outside call arrives,
the system will reportedly display information about the call. Information provided includes the type of service, the extension
number, and other call activity parameters, according to the report.
An exploit transcript is provided in the original advisory.
The original advisory is available (in Italian language) at:
http://olografix.org/acme/mitel.txt
|
Impact: A remote user can obtain information about telephone calls on the system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.mitel.com/ (Links to External Site)
|
Cause: Access control error, State error
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
