Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

Bugtraq ID:	22191
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 23 2007 12:00AM
Updated:	Jan 25 2007 04:28PM
Credit:	Adrian Pastor is credited with discovering this issue.
Vulnerable:	Soyo Group Inc. SOYO G668 Ethernet IP Phone 1.42 ATCOM AT-320ED IP Phone 1.54 ATCOM AT-320ED IP Phone 1.42 Aredfox PA168 1.54 Aredfox PA168 1.42
Not Vulnerable:

Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

Multiple VoIP phones using the Aredfox PA168 Chipset are prone to a session-hijacking vulnerability due to a design error.

An attacker can exploit this issue to gain administrative access to the embedded webserver running on the affected device. This may allow attackers to completely compromise affected devices.

VoIP phones using the Aredfox PA168 chipset with SIP Firmware V1.42 and 1.54 are vulnerable.

Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/active-session-attack.sh

Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

References:

• Soyo G668 (Soyo Group Inc.)
  
• Aredfox Homepage (Aredfox)
  
• Atcom AT-320ED Homepage (Atcom)