Vigil@nce - Aastra Phone: denial of service via telnet
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can connect via telnet on Aastra Phone, in order to
trigger a denial of service.
– Impacted products: Aastra Phone
– Severity: 2/4
– Creation date: 08/04/2013
DESCRIPTION OF THE VULNERABILITY
The Aastra 6753i IP Telephone has a telnet access.
However, the password for the "admin" user is constant. An
attacker can thus login on the phone. It can be noted that entered
commands usually lead to a system stop.
An attacker can therefore connect via telnet on Aastra Phone, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Aastra-Phone-denial-of-service-via-telnet-12616