OpenScape Business S - WAN Interface Vulnerability
Summary
If the WAN interface of OpenScape Business S is directly connected to an internet service provider (ITSP), WAN interface ports will be directly exposed to the Internet.
An attacker could use this behavior and try to get access to the system from the Internet and exploit the system.
The WAN interface of OpenScape Business S must be connected via TCP/IP to an external router with NAT and appropriate firewall settings, if the connected ITSP supports beneath telephony data also Internet access.
The vulnerability is rated high and immediate action is recommended.
Details
Within OpenScape Business S systems a second LAN interface card can be added and configured as WAN interface. The WAN interface is intended for the connection of Internet Telephony Service Provider (ITSP) only. Internet access has to be done always via an Internet Router connected to the LAN interface of OpenScape Business S.
OpenScape Business S WAN interface can be connected either directly to an DSL or cable modem or alternatively via TCP/IP to an external router. In case that the WAN interface is configured as “Connection to a DSL or cable modem” Network Address Translation (NAT) is not supported for the WAN interface and the same firewall rules as defined for the LAN interface are applied.
Some Internet providers (e.g. Vodafone) offer ITSP trunks with a public IP address that provides also Internet data traffic beside the pure telephony traffic. In case that such kind of ITSP trunk is connected directly (without external Internet router) to the WAN interface of OpenScape Business the system is visible within the Internet. As a public address is used and data traffic is not limited to voice data only by the provider the system can be accessed from any place in the world without any restrictions.
An attacker can scan the system from the Internet and try to intrude into the system and to compromise the system and potentially also other systems in the customer LAN.
Affected Products
OpenScape Business S versions V1, V2 and V3
Not affected products
OpenScape Business X systems are not affected.
Recommended Actions
Connect OpenScape Business S Systems WAN interface via TCP/IP connection and an external router to the ITSP.
For OpenScape Business S on-premise:
Use NAT within the router and open only the ports used for Internet Telephony in the firewall of the router.
For OpenScape Business S in the Cloud:
The firewall from the cloud provider can be used, permitting access to certain ports only.
References
OpenScape Business Administrator Manual:
Downloadable as PDF file via the Service Center of the OpenScape Business Administration Portal (WBM).
How To Configure LAN-WAN Interfaces for VoIP
Downloadable as PDF file within the following link:
https://wiki.unify.com/wiki/OpenScape_Business#Configuration_of_LAN.2FWAN_interface_for_VoIP
Opmerkingen
0 opmerkingen
U moet u aanmelden om een opmerking te plaatsen.