Avaya, Cisco and Nortel VoIP kit have serious flaws

VoIPshield testing has found potentially serious security flaws in VoIP from Cisco, Avaya and Nortel, which between them account for the lion's share of VoIP systems in use.


The company found that Avaya's Communication Manager 3.1x had 29 separate vulnerabilities that could result in remote code execution, unauthorised access, denial-of-service (DoS) and information harvesting, according to Tim Greene, Network World US



Cisco's Unified Communications Manager versions 5.x and 6.x, as well as Call Manager 4.x, were found to have 12 vulnerabilities that could lead to unauthorised access and DoS attacks.


VoIPShield found four weaknesses in Nortel's Communications Server 1000 4.50.x, Multimedia Communications Server 5100 3.x, and SIP Multimedia PC client 4.x w that could result in unauthorised access and DoS exploits.


Cisco and Avaya said they were addressing the issues raised by VoIPShield, but Nortel could not be contacted, the report said.


Microsoft will be included in the next round of testing, whose results should be published in autumn.