Avaya VoIP phones at risk of Cyber-attacks, study suggests

VOIP brings a series of risks and requires good network design, segmentation of the control plane, and a comprehensive patch regime. If you’re running Avaya, time to patch…:
Espionage risks and cyberattack are normally limited to handheld phones or cellphones and to applications that are capable of connecting to the internet, but now a greater risk is upon the corporate world as office phones are also at risk to cyber-attacks.

A security researcher on McAfee’s Advanced Threat Research team warned organizations about using Avaya’s popular range of VoIP phones and to check that firmware on the devices have been updated, since there was a report that a Remote Code Execution (RCE) vulnerability in open-source software.

The issue poses a threat to relay sensitive information such as recorded and files accessed, and all of these can be done remotely. Next to Cisco in the VoIP market, Avaya is mostly used by almost all companies since it is cheaper and also easy to manage. Avaya has been the top of the VoIP for nine years already; they were able to hold their position despite the issue of bankruptcy in 2017.

[…]

Original article here