Title: 3Com SuperStack 3 NBX Netset Application Port Scan Denial of Service Vulnerability
Severity: HIGH
Description:
A vulnerability has been discovered in 3Com SuperStack 3 NBX IP telephones. Reportedly, the httpd server (NBX Netset application) included in the embedded real-time operating system (VxWorks) contains a vulnerability that may cause a denial of service.
This issue occurs when the affected port is scanned with the Nessus security audit tool, configured in safeChecks mode.
Exploiting this issue may cause the vulnerable httpd server (Virata-EmWeb/R6_0_3) and the NBX Netset application to crash, and various VoIP features to stop responding. These features include the web-based administrative console, Netset status and call manager. It will also disable the functionality used to soft reboot the appliance.
It is reported that a hard reboot is required to restore normal functionality.
Affected Products:
- 3Com SuperStack 3 NBX 4.0.17
- 3Com SuperStack 3 NBX 4.1.21
- 3Com SuperStack 3 NBX 4.1.4
- 3Com SuperStack 3 NBX 4.2.7
References:
- 3Com: Support for Products
- SECNAP Network Security: 3com NBX IP VOIP NetSet(r) Configuration Manager