Researchers Find Ten Year Old Vulnerability on Avaya DeskphoneByBill Toulas-August 9, 2019.841 McAfee researchers found a serious Rce bug on Avaya firmware H.323. The component which introduces the risk of security comes with a known exploit, ten years old. Avaya is a company based in California and specializes in business communications since 2000. Our VoIp solutions cover 90 percent of Fortune 100 companies so that the presence of a flaw in our deskphones will impact big business and disrupt critical business processes. As McAfee researchers reveal, this is precisely the case with the Ip Deskphone Avaya 9600 series, which allegedly carries a weakness in remote execution of code (Rce) dating back to 10 years ago. The specific vulnerability allows the targeted phone speaker to exfiltrate audio and requires only a laptop to connect to the same network with the Ip deskphone. In the video below the researchers have shown how manipulation works. The same method works for the products from the Avaya 9600 Series J100 and B189. Anyone who uses the H.323 firmware version 6.8.1 and above is vulnerable, but the bug does not affect the Sip versions. Known as Cve-2009-0692 and given a 10.0 (highest) Cvss v2.0 ranking, the specific Rce vulnerability became part of Avaya’s firmware ten years ago through an open-source feature named “Dhclient,” and then left unpatched for more than a decade. Avaya released a firmware update for repairing on June 25 following notification from McAfee. It actually took Avaya two months to release a patched firmware picture that is appropriate given the amount of testing these devices have to undergo to make sure they are reliable for large-scale company deployment. Now it is urged administrators to replace the old firmware images with the latest version, as they run a severe risk of corporate surveillance. Whether anyone has taken advantage of the specific weakness is not yet clear, but with the value of Fortune 100 operations, we can safely assume that somebody has to. .842 The researchers identified the vulnerability by retrieving system files and finding privileged ways to interact with the device. The first step to locating vulnerability points using a debugger is to recover all system binaries and configuration files. Once the researchers have reached the device’s root shell, they can execute any code they want to tamper with the Nand flash and change the Linux kernel’s boot arguments that are used on the Avaya firmware. This is how the researchers realized that the dhclient version was 4.0.0 which dates back ten years and has an exploit that is available to the public. As McAfee’s experts point out, it would take a few weeks, or even a few days, for a professional attacker to come up with the same results as they did.