CVE-2018-11518

Name of the Vulnerable Software and Affected Versions HCL legacy IVR systems (affected versions not specified)

Description A phreaking attack can be performed on HCL legacy IVR systems that do not use VoIP, allowing an attacker to record and replay specific audio frequencies to activate services. This issue arises when the required series of DTMF signals for a service activation is predictable, and the IVR system does not verify the request's intent. As a result, the IVR system accepts activation requests from any loudspeaker in the caller's environment without proper verification.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.