Security Central Attacks

Here is a Select Sub-set of Zero-day Vulnerabilities where RedShift, Threat Intelligence and Condor Labs Identified and Helped Operators Protect Their Networks

These flaws in software, hardware or firmware represent an unknown exploit in the wild that exposes a vulnerability where malicious activity, fraud and theft can occur. These previously unknown weaknesses are often exploited and attackers release malware before a developer team can create a patch to fix the zero-day vulnerability.

September 21, 2020 – Social Engineering Hack Demonstrates Requirement for VoIP Threat Intelligence Analytics
August 17, 2020 – Q3 2020 SIP Botnet Security Intelligence Report
August 3, 2020 – RedShift Networks Security Advisory: Ransomware attack on call centers
July 21, 2020 – Asterisk – Vulnerability in Sangoma Asterisk 13.x, 16.x, and 17.x.
July 15, 2020 – Cisco – Vulnerability in Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software
July 15, 2020 – Mitel – Vulnerability in wireless devices Firmware 8.0 and 8.12
July 15, 2020 – Huawei – Vulnerability in the SIP Module of Some Huawei Products
July 15, 2020 – Mitel – Vulnerability in 6800 and 6900 SIP series phones
July 15, 2020 – Asterisk – Vulnerability SIP request can change address of a SIP peer
July 15, 2020 – Cisco – Vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
July 15, 2020 – Cisco – Vulnerability in IOS XE Software cause a device to reload
July 15, 2020 – Snapdragon – Vulnerability improper input validation
July 15, 2020 – Snapdragon – Vulnerability in buffer overread
May 21, 2020 – RedShift Networks Security Advisory: Rise in voice conference join attacks due to COVID-19
March 21, 2020 – RedShift Networks Security Advisory: Rise in voice attacks on a global level during COVID-19 pandemic
November 18, 2019 – Junos – Vulnerability in the SIP ALG packet Junos OS: 12.3X48
November 18, 2019 – Junos – Vulnerability on MX Series 16.1
November 18, 2019 – Cisco – Vulnerability Cisco IP Phone 8800 Series devices
November 18, 2019 – Cisco – Vulnerability in library of Cisco IOS and IOS XE Software
September 26, 2019 – Arcadyan – Vulnerability in SLT-00 Star (aka Swisscom Internet-Box) reconfiguration of the static routing table
September 26, 2019 – Huawei – Vulnerability in CloudLink Phone 7900 insufficient TLS certificate verification MITM attacks
September 26, 2019 – Cisco – Vulnerability in Cisco IP Phone 8800 Series allow an unauthenticated remote attacker to cause high disk utilization
September 26, 2019 – Cisco – Vulnerability in Cisco IP Phone 8800 Series allow an unauthenticated remote attacker to write arbitrary files to the filesystem
September 26, 2019 – Cisco – Vulnerability in Cisco IP Phone 8800 Series allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack
September 26, 2019 – Cisco – Vulnerability in Cisco IP Phone 8800 Series could allow an unauthenticated attacker to bypass authorization
September 26, 2019 – Cisco – Vulnerability in Cisco IP Phone 7800 and 8800 Series improperly validates user-supplied input during user authentication
September 26, 2019 – Cisco – Vulnerability in Cisco SPA112, SPA525, and SPA5X5 Series
September 26, 2019 – Cisco – Vulnerability in Cisco Meeting Server in specific coSpace parameters
September 26, 2019 – Asterisk – Vulnerability in pointer dereference in chan_sip while handling SDP negotiation
September 26, 2019 – Asterisk – Vulnerability in res_http_websocket.c
September 26, 2019 – Asterisk – Vulnerability
September 19, 2019 – Zenitel – Vulnerability in Norway IP-StationWeb
September 19, 2019 – Asterisk – Vulnerability in Digium Buffer overflow in DNS SRV and NAPTR lookups
September 19, 2019 – Asterisk – Stack consumption Vulnerability in the res_http_websocket.so module of Asterisk
September 19, 2019 – Yealink – Vulnerability in Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) path information
September 19, 2019 – Yealink – CSRF Vulnerability in Ultra-elegant IP Phone SIP-T41P
September 19, 2019 – Yealink – Vulnerability in Ultra-elegant IP Phone SIP-T41P
September 18, 2019 – FreePBX – Vulnerability in FreePBX core
September 18, 2019 – Mitel – Vulnerability in MiVoice 5330e VoIP device
September 18, 2019 – Asterisk – Vulnerability in Open Source 15.x
September 18, 2019 – D-Link – Vulnerability in DWR series
September 17, 2019 – Juniper – Vulnerability in Junos OS SRX Series devices
September 10, 2019 – Cisco – Vulnerability in Cisco IP Phone 7800 Series and 8800 Series by altering the SIP replies
September 10, 2019 – Cisco – Vulnerability in Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager
September 10, 2019 – Cisco – Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) CPU usage
September 10, 2019 – Cisco – Vulnerability in Cisco Meeting Server (CMS) software
September 9, 2019 – Cisco – Vulnerability in Cisco IP Phone 7800 Series and 8800 series with malicious XML payload
September 9, 2019 – Asterisk – Vulnerability Buffer overflow in Digium
September 9, 2019 – Polycom – Vulnerability in Polycom VVX 500 and 601
September 9, 2019 – Kamailio – Vulnerability an invalid header causes a segmentation fault and crashes
September 7, 2019 – Cisco – Vulnerability in Cisco (ASA) and (FTD) Software
September 7, 2019 – Kamailio – Vulnerability double “To” header
September 5, 2019 – Asterisk – Vulnerability specific ACL rules block a SIP request
August 30, 2019 – Cisco – Vulnerability in Cisco IOS XE Software
August 30, 2019 – Cisco – Vulnerability in Cisco Small Business SPA514G IP Phones
August 30, 2019 – Cisco – Vulnerability in Cisco denial of service (DoS) by sending high volumes of SIP INVITE traffic
August 30, 2019 – Cisco – Vulnerability in Cisco IP Phone 7800 and 8800 Series dropped calls
August 30, 2019 – Cisco – Vulnerability in Cisco IP Phone 6800, 7800, and 8800 Series allow to reload phone unexpectedly
August 30, 2019 – Cisco – Vulnerability in Cisco application server allow DoS
February 26, 2018 – Asterisk vulnerability allows remote authenticated user, results in target service crash
February 26, 2018 – Asterisk vulnerability Open Source and Certified Asterisk allow Buffer Overflow
December 25, 2017 – Bug in PJSIP allow Remote Unauthenticated Sessions
November 30, 2017 – Vulnerability in Cisco IP Phone 8800 Series allow DoS
November 17, 2017 – PJSIP – Vulnerability in (pjlib and pjlib-util) allow potential to overflow
October 20, 2017 – Bug in Cisco Small Business SPA51x Series IP Phone allow DoS
October 20, 2017 – Bug in the implementation of (SIP) functionality in Cisco SPA50x, SPA51x, and SPA52x Series IP Phones
September 15, 2017 – VOIP Security Risks and Countermeasures
August 15, 2017 – Vulnerability in (SIP) on the Cisco TelePresence (VCS) allow DoS
June 13, 2017 – Vulnerability in Cisco IP Phone 8800 Series allow remote attacker to cause a DoS
June 8, 2017 – Vulnerability in Cisco TelePresence Endpoint allow a remote DoS
June 3, 2017 – Security Threats in VOIP
May 19, 2017 – VOIP Security with Asterisk
April, 28, 2017 – The Terrible state of VOIP Security
April 10th, 2017 – SnapShot – Stopping attacks that disrupts Voice Communications
February 16, 2017 – VOIP Hacks on the rise
February 14, 2017 – VoIP Security Guide and Protection Checklist
January 17, 2017 – What Makes Your SIP Vulnerable to Attack
January 17, 2017 – Avoid voice attacks with Security Update
January 17, 2017 – What Makes your VOIP susceptible to attacks
January 3, 2017 – Cloud VOIP operators indicating that attacks are growing
November 30, 2016 – IBM warns of rising VOIP attacks
October 6, 2016 – VOIP Security Risks and Countermeasures
August 22, 2016 – Threat Intelligence report for the telecommunications industry
August 18, 2016 – Security Threats in VOIP
June 22, 2016 – VOIP vulnerabilities protection against evolving threats
February 13, 2016 – Are You The Only One Using Your VOIP Phone

Real-time VoIP Security Analytics

Protects Against More Than 40,000 VoIP Threats & Attacks

LEARN MORE