Protect Your Akuvox Devices: Important SIP Vulnerability Discovered

CVE: CVE-2023-0348
CVSS v3.1: 7.5
Source: CVE-2023-0348

Akuvox, a provider of IP phones and communication systems, has disclosed a vulnerability in its E11 IP phone product.

The vulnerability lies in the way the E11 phone handles SIP (Session Initiation Protocol) calls. SIP is the standard protocol used to set up voice and video calls over IP networks. Without proper access controls, an attacker could use the SIP protocol to directly call any E11 phone within an organization and route calls to other internal or external numbers.

This could allow the attacker to conduct toll fraud by routing expensive international calls through a compromised on-premise phone system. It may also enable harassment by calling internal phones anonymously.

The CVSS score for this vulnerability is 7.5 out of 10, meaning it is considered high severity. Attackers need no authentication to exploit the vulnerability.

If you use Akuvox E11 phones, you should contact Akuvox support immediately to get information on available patches or firmware updates to apply. In the meantime, isolate any external-facing E11 phones from your internal network until fixes are applied. You should also review your SIP server configurations to ensure proper access controls are enforced.
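To check whether E11 units are still reachable by direct SIP calls while you wait for a fix, the following added example (not code from Akuvox or from the advisory) scans captured SIP traffic for INVITEs that arrive at an E11 from any host other than your SIP server. The addresses, the `10.0.20.0/24` device network and the `(source, destination, payload)` input format are assumptions; substitute your own values and capture export.

```python
import ipaddress
import re

# Assumed for this example, not taken from the advisory.
TRUSTED_SIP_SERVERS = {ipaddress.ip_address("10.0.5.10")}  # PBX / SIP proxy
E11_NETWORK = ipaddress.ip_network("10.0.20.0/24")         # VLAN holding E11 units

REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
COMPACT = {"f": "from", "t": "to", "i": "call-id", "v": "via"}  # RFC 3261 short forms

def parse_sip_request(raw):
    """Return (method, headers) for a SIP request, or None for anything else."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    match = REQUEST_LINE.match(lines[0].strip())
    if not match:
        return None  # responses ("SIP/2.0 200 OK") and non-SIP payloads
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers.setdefault(COMPACT.get(key, key), value.strip())
    return match.group(1), headers

def find_direct_invites(packets):
    """Flag INVITEs that reach an E11 from any host other than a trusted SIP server."""
    alerts = []
    for src, dst, raw in packets:
        parsed = parse_sip_request(raw)
        if parsed is None or parsed[0] != "INVITE":
            continue
        if ipaddress.ip_address(dst) not in E11_NETWORK:
            continue
        if ipaddress.ip_address(src) in TRUSTED_SIP_SERVERS:
            continue
        alerts.append({"src": src, "dst": dst, "from": parsed[1].get("from", ""),
                       "call_id": parsed[1].get("call-id", "")})
    return alerts

# Constructed sample traffic: (source IP, destination IP, SIP payload).
SAMPLE = [
    ("10.0.5.10", "10.0.20.15", "INVITE sip:e11@10.0.20.15 SIP/2.0\r\nFrom: <sip:100@pbx.example>\r\nCall-ID: a1\r\n\r\n"),
    ("198.51.100.7", "10.0.20.15", "INVITE sip:e11@10.0.20.15 SIP/2.0\r\nf: <sip:anon@invalid>\r\ni: b2\r\n\r\n"),
    ("198.51.100.7", "10.0.20.15", "OPTIONS sip:e11@10.0.20.15 SIP/2.0\r\ni: c3\r\n\r\n"),
    ("10.0.20.15", "198.51.100.7", "SIP/2.0 200 OK\r\ni: b2\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in find_direct_invites(SAMPLE):
        print("direct INVITE to E11:", alert)
```

Any alert means a host outside your SIP server allowlist can place calls to the device directly, so the network isolation recommended above is not yet in effect for that path.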

Taking prompt action will help protect your organization’s phone system and users from potential exploitation of this significant vulnerability. Keeping devices up-to-date with the latest patches is also recommended for ongoing protection.
