|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Mitel Networks Information for VU#749342
| Date Notified: | |
| Date Updated: | |
| Status Summary: | Unknown |
Vendor StatementNot vulnerable, with the possible exception of the 5700 Voice First videoconferencing solution and associated video endpoints. Those video products are still under investigation. Mitel Networks Security Advisory MNSA-2004-001 has been issued and distributed to Mitel resellers to address these concerns. Please report any security concerns with Mitel Networks products to "security@mitel.com".Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumThis statement has been mirrored at http://www.uniras.gov.uk/vuls/2004/006489/h323.htm#Mitel
An additional copy of the Mitel Networks advisory is available here
- - ---------------------------------------------------------
Mitel Networks Security Advisory MNSA-2004-001: Vulnerability Reports in
H.323 Implementations
Synopsis: Interim Statement About Vulnerability Reports in H.323
Implementations
Advisory: MNSA-2004-001
Release Date: 2004-01-16
Last Revised: 2004-01-16
Severity: Important
Impact: See below
Affected Products: See below
1. SUMMARY
On Tuesday, January 13th, advisories were issued by the
UK National Infrastructure Security Co-Ordination Centre and
the CERT Coordination Center about potential vulnerabilities
in multiple implementations of the H.323 protocol used for
some Voice-over-IP and videoconferencing products. Exploitation
of these vulnerabilities could potentially result in a denial-of-
service attack or remote code execution.
At the current time Mitel Networks has determined that all of
its VoIP products are NOT vulnerable as they do not make use
of the H.323 protocol.
However, we are still investigating whether or not a potential
vulnerability exists with the following videoconferencing products:
* 5700 Voice First Solution
* 5750 Desktop Video Appliance
* 5760 Videoconference Appliance
This advisory will be updated when the results of that investigation
are complete.
2. RECOMMENDATION
Until the investigation can be completed Mitel Networks recommends
that administrators of sites with the 5700 Voice First Solution
follow the workaround suggested in the CERT advisory of applying
network filters to block access to H.323 services at network borders
to minimize any potential denial-of-service attacks originating
outside your network. Please see the CERT advisory (URL below) for
more information.
3. DESCRIPTION
No vulnerability has yet been identified. If a vulnerability is
found, the description will appear here.
4. AFFECTED PRODUCTS
As noted above, the only Mitel Networks products still under
investigation are:
* 5700 Voice First Solution
* 5750 Desktop Video Appliance
* 5760 Videoconference Appliance
It is important to note that no vulnerability has yet been found
in these products and they are still under active investigation.
5. REFERENCES
For more information about this potential vulnerability, see:
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
http://www.cert.org/advisories/CA-2004-01.html
6. REVISION HISTORY
V1.0 - 16 January 2004 - Initial interim statement
7. CONTACT INFORMATION
For questions relating to Mitel Networks products, please contact
the Mitel Networks Product Support organization appropriate for your
geographic region.
If you believe you have found a security issue with a Mitel Networks
product, please e-mail:
security@mitel.com
Mitel Networks Product Security Team
PGP Key ID: 000492A6
Fingerprint: 1AF0 1058 6DD8 6A18 4032 84B7 4223 5A3B 0004 92A6
Copyright 2004 Mitel Networks Corporation
- - ---------------------------------------------------------
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
