Vulnerabilities in Nortel and SonicWall products
Security services provider SEC Consult has issued reports of vulnerabilities in Nortel and SonicWall products. Two vulnerabilities in Nortel Contact Center Manager Server allow unauthorised access to the server. According to the report, administrative rights can easily be obtained by setting a cookie with simple content. In addition, in response to certain queries the SOAP interface returns passwords in plain text. Nortel has released an update which fixes the problems.
Vulnerabilities in SonicWall's Global Security Client (GSC) and Global VPN Client (GVC) allow privilege escalation. In GSC, an attacker merely needs to launch a Windows command line (cmd.exe) via the Event Viewer; it then runs with SYSTEM privileges. In GVC, attackers can replace the binaries for the VPN service with programs of their choice.
In addition, the SonicOS appliance operating system contains a format string vulnerability which can be used to crash the system. According to SEC Consult, no patch or update has been released by SonicWall despite the vulnerability having been reported in 2006. According to the report, further attempts to contact SonicWall have been met with – a wall of silence.
See also:
- Advisories, overview of SEC Consult advisories.
- Contact Center Potential Password Disclosure, advisory from Nortel.
- Contact Center Authentication Bypass, advisory from Nortel.
(crve)