Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability

Alcatel Lucent VOIP Telephone System OmniPCX Enterprise Security Bypass Vulnerability

Alcatel-Lucent OmniPCX Enterpise VOIP Telephone Systems are prone to a security-bypass vulnerability due to a configuration error.

To exploit this issue, Attackers must have access to the affected phone or remote access to the computer daisy-chained to it. Attackers may obtain remote access to the computer by successfully exploiting other vulnerabilities.

This issue is relevant only on networks using 802.1x authentication with a voice VLAN to guarantee data and voice isolation.

Attackers may exploit this issue to bypass the 802.1x authentication mechanism and then access the voice VLAN network. Successful exploits will facilitate further attacks in the underlying voice network, such as denial-of-service and traffic-disruption attacks. Remote compromises may be limited to broadcast and multicast voice VLAN traffic only.

This issue affects OmniPCX Enterprise 7 (and later versions).