Alexander Traud

**Nome do software vulnerável e versões afetadas** Versões do Zyxel NBG7510 anteriores à V1.00(ABZY.3)C0 **Descrição** O problema está relacionado a uma configuração incorreta do DNS no firmware do Zyxel NBG7510, o que poderia permitir que um invasor não autenticado acessasse o servidor DNS quando o dispositivo fosse colocado no modo AP. Isso se deve a um controle de acesso insuficiente. **Recomendações** Para versões anteriores à V1.00(ABZY.3)C0, atualize o firmware para a versão V1.00(ABZY.3)C0 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao modo AP até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Sangoma Asterisk, versões 13.38.1 a 18.2.0 Certified Asterisk, versão 16.8-cert5 **Descrição** O problema está relacionado a controles de acesso incorretos no módulo res srtp.c, permitindo que um invasor remoto não autenticado encerre prematuramente chamadas seguras ao reproduzir pacotes SRTP. **Recomendações** Para as versões 13.38.1 a 18.2.0 do Sangoma Asterisk, atualize para uma versão que inclua a correção para os controles de acesso incorretos no módulo res srtp.c. Para a versão 16.8-cert5 do Certified Asterisk, atualize para uma versão que inclua a correção para os controles de acesso incorretos no módulo res srtp.c. Como solução alternativa temporária, considere restringir o acesso ao módulo res srtp.c para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas: Telefones da série SIP Mitel 6800 e 6900, versões 5.1.0.2051 SP2 e anteriores Descrição: Um problema relacionado ao comprimento da chave na implementação da chave SRTP de 128 bits pode permitir que um invasor lance um ataque man-in-the-middle quando o SRTP for usado em uma chamada, possibilitando potencialmente a interceptação de informações confidenciais. Recomendações: Para as versões 5.1.0.2051 SP2 e anteriores, atualize para uma versão posterior à 5.1.0.2051 SP2 para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Huawei CloudLink Phone 7900 version V600R019C10 **Description** The issue concerns a TLS certificate verification vulnerability in the SIP TLS module. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks. This can lead to affected phones being registered abnormally, affecting the availability of IP phones. The vulnerability can be exploited by a remote attacker to perform such attacks. **Recommendations** For Huawei CloudLink Phone 7900 version V600R019C10, consider disabling the SIP TLS module until a patch is available to prevent man-in-the-middle attacks. Restrict access to the phone's registration process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei eSpace (affected versions not specified) Description: The issue allows an unauthenticated, remote attacker to launch a man-in-the-middle attack and intercept packets in non-secure transmission mode. Successful exploitation may result in the interception and tampering of call information, leading to sensitive information leaks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei eSpace (affected versions not specified) Description: The issue allows an unauthenticated, remote attacker to launch a man-in-the-middle attack and hijack the connection from a client when the user signs up to log in by TLS. This is due to insufficient authentication, which may be exploited to intercept and tamper with data information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei eSpace (affected versions not specified) Description: The issue allows an unauthenticated, remote attacker to launch a man-in-the-middle attack and intercept call information when SRTP is enabled for making calls. This could lead to the leak of sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 11.21.1, 12.x, and 13.x through 13.7.1 Certified Asterisk versions 1.8.28, 11.6 through 11.6-cert12, and 13.1 through 13.1-cert3 **Description** The issue is related to the chan sip function in Asterisk Open Source and Certified Asterisk systems, where setting the timert1 value in sip.conf to a value greater than 1245 allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. **Recommendations** For Asterisk Open Source versions 1.8.x through 11.21.1, update to version 11.21.1 or later. For Asterisk Open Source versions 12.x, update to version 13.7.1 or later. For Asterisk Open Source versions 13.x through 13.7.1, update to version 13.7.1 or later. For Certified Asterisk versions 1.8.28, update to version 11.6-cert12 or later. For Certified Asterisk versions 11.6 through 11.6-cert12, update to version 11.6-cert12 or later. For Certified Asterisk versions 13.1 through 13.1-cert3, update to version 13.1-cert3 or later. As a temporary workaround, consider setting the timert1 value in sip.conf to a value less than or equal to 1245 to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.8.5 **Description** The issue concerns the IPSec implementation when Hybrid Auth is used, where it fails to verify X.509 certificates from security gateways. This allows attackers to spoof security gateways and obtain sensitive information by using a crafted certificate. **Recommendations** For versions prior to 10.8.5, update to Mac OS X version 10.8.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of Hybrid Auth until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.8.4 **Description** The issue concerns the Private Browsing feature in CFNetwork, which fails to prevent the storage of permanent cookies when exiting Safari. This could allow physically proximate attackers to bypass cookie-based authentication by accessing an unattended workstation. **Recommendations** For Mac OS X versions prior to 10.8.4, update to version 10.8.4 or later to resolve the issue.