Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
BID:24360
Info
Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
| Bugtraq ID: | 24360 |
| Class: | Configuration Error |
| CVE: |
CVE-2007-2512 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 07 2007 12:00AM |
| Updated: | Jun 07 2007 09:00PM |
| Credit: | Alcatel-Lucent and RUS-CERT reported this issue. |
| Vulnerable: |
Alcatel-Lucent OmniPCX Enterprise 7 |
| Not Vulnerable: | |
Discussion
Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
Alcatel-Lucent OmniPCX Enterpise VOIP Telephone Systems are prone to a security-bypass vulnerability due to a configuration error.
To exploit this issue, Attackers must have access to the affected phone or remote access to the computer daisy-chained to it. Attackers may obtain remote access to the computer by successfully exploiting other vulnerabilities.
This issue is relevant only on networks using 802.1x authentication with a voice VLAN to guarantee data and voice isolation.
Attackers may exploit this issue to bypass the 802.1x authentication mechanism and then access the voice VLAN network. Successful exploits will facilitate further attacks in the underlying voice network, such as denial-of-service and traffic-disruption attacks. Remote compromises may be limited to broadcast and multicast voice VLAN traffic only.
This issue affects OmniPCX Enterprise 7 (and later versions).
Alcatel-Lucent OmniPCX Enterpise VOIP Telephone Systems are prone to a security-bypass vulnerability due to a configuration error.
To exploit this issue, Attackers must have access to the affected phone or remote access to the computer daisy-chained to it. Attackers may obtain remote access to the computer by successfully exploiting other vulnerabilities.
This issue is relevant only on networks using 802.1x authentication with a voice VLAN to guarantee data and voice isolation.
Attackers may exploit this issue to bypass the 802.1x authentication mechanism and then access the voice VLAN network. Successful exploits will facilitate further attacks in the underlying voice network, such as denial-of-service and traffic-disruption attacks. Remote compromises may be limited to broadcast and multicast voice VLAN traffic only.
This issue affects OmniPCX Enterprise 7 (and later versions).
Exploit / POC
Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
Attackers may exploit this issue by gaining local access to an affected device or remote access to an affected computer connected to it (by successfully exploiting other vulnerabilities on the target computer).
Attackers may exploit this issue by gaining local access to an affected device or remote access to an affected computer connected to it (by successfully exploiting other vulnerabilities on the target computer).
Solution / Fix
Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
Solution:
The vendor advises users to change the default configuration to remediate this issue. Please see the vendor advisory for more information.
Solution:
The vendor advises users to change the default configuration to remediate this issue. Please see the vendor advisory for more information.
References
Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability
References:
References:
- RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0 ( Oliver Goebel)
- Alcatel-Lucent IP Touch (Alcatel-Lucent )
- Alcatel-Lucent Security Advisory No. SA027 (Alcatel-Lucent Alcatel-Lucent)