VoIPshield Laboratories has discovered over 100 security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel. A vulnerability is a design or implementation flaw in a VoIP system that can be exploited by a hacker with malicious intentions, including extortion through service outage threats, industrial espionage through call recording, or identity theft through the stealing of sensitive customer information.
VoIPshield notified the vendors of its findings earlier this year. Under the terms of its Responsible Disclosure Policy, VoIPshield works with the vendors to help them recreate the vulnerabilities in their own test labs, and offers its services to assist the vendors in determining the best remediation approach.
The vulnerabilities are cataloged and presented on the company's website at http://www.voipshield.com/research
. Each vulnerability is categorized based on an exploit's most likely malicious intent: unauthorized access, code execution, denial of service or information harvesting. Each is also given a severity rating based on a modified industry standard index. Vendor responses are also included, indicating what action if any the vendor has indicated they will take to remediate the vulnerability, and when.