The Internet Security Systems has warned of two bugs in the Asterisk VOIP software IAX2. According to ISS, the bugs could lead to denial-of-service attacks.


ISS has warned of two bugs in the Asterisk VOIP software IAX2. According to ISS, the bugs could lead to denial of office telephone or internet services if exploited.

The Inter-Asterisk eXchange protocol v2 is used by Asterisk PBX for VOIP and call content.

According to ISS, the vulnerability could lead to attackers flooding the service with call requests and prevent the service from handling new calls.

Another vulnerability discovered by ISS allows attackers to log-in to accounts without a username and password on the PBX network. This could lead to the attackers flooding another network with call requests.

Asterisk has released a patch for these vulnerabilities. ISS advices Asterisk customers to upgrade their Asterisk software immediately.

ISS is a security advisor for businesses and governments. ISS provides protection for networks, desktops and servers.

LINKS:

For more information on the vulnerabilities, click here.

For more information on the company, ISS.

For information on Asterisk VOIP software, visit Asterisk.

 

 

 

 

Sharing is caring