Avaya is one of the world’s largest providers of VoIP phones, specializing in providing phone systems for Fortune 100 companies. With desk phone systems that can accommodate small, mid-sized, and even large corporations, Avaya is constantly bringing technological evolutions to the market. However, as technology changes, certain vulnerabilities can come to life and the providers have to respond accordingly to ensure users are protected. In 2009, Avaya had to do exactly that. The Avaya 9600 series IP Deskphone presented with a Remote Code Execution (RCE) vulnerability. We know what you’re thinking – what does a vulnerability that was identified in 2009 mean to today’s Avaya’s phone system users? A lot.
It is likely that the initial bug was copied and modified without subsequent security patches being placed on the technology. As recently as August, the presence of this bug was identified in the phone’s firmware. The good news is that only the H.232 software stack was affected, not the SIP stack that can also be used with this phone system, so the risk is not as widespread as the Avaya phone system itself.
What’s At Risk With The Avaya Phone System Bug?
This bug gives hackers an opportunity to exploit business communications. An attacker can go so far as to take over the normal operation of the Avaya phone system, record audio directly from the phone, and even bug the phone to record later on. The phone can be directly hacked, but it is also vulnerable to remote hacks through a shared network.
In order to determine if your Avaya phone system is putting your business at risk, you’ll want to confirm the phone model you have. Only the 9600 Series, J100 Series, and B189 phones were affected by this bug. In the “About Avaya IP Deskphone” screen on the phone itself, you can see what firmware version your phone is operating on. Version 6.8.1 and earlier are vulnerable when the H.323 firmware is in place.
What Do You Do Now?
If your Avaya phone system is, in fact, vulnerable to this bug, there is a simple resolution to the problem. Security researchers with McAfee have established the various pathways that make the Avaya phone systems vulnerable to hackers and have shared their findings with Avaya. Detailed instructions for developing an effective, long-term fix for the issue led to the creation and testing of a patched firmware image.
If you have an Avaya phone system deployed in a large enterprise, it is not uncommon to deploy the patch is batches to test the resolution and ensure that no conflict arises. However, this patch has been out for a reasonable duration that would make most IT experts comfortable deploying across the entire system if they so choose.
Because technology is so prevalent in today’s comings and goings, we often don’t think twice about the potential vulnerabilities these solutions may bring with them. In this case, the Avaya phone system was afflicted by a weakness that put businesses at risk for over a decade. With the help of dedicated researchers who identified the bug and swiftly presented solutions to the manufacturers, businesses can rest assured that there is an answer that keeps their communication assets protected.
Get The Best Solutions For Your Business With Avaya Phone Systems
The bug that was recently resolved was not an isolated incident as far as technology is concerned. Across all manufacturers and providers, there are risks that present themselves as technology evolves. All you can do is be diligent about the technology you employ within your organization and pay attention when manufacturers identify and resolve problems.
If you have an Avaya phone system and aren’t sure whether or not your business is at risk, contact the experts at High Country today.