CSN Number: 04012901
Date: 1.29.2004
Submitted by: Laura Shay
Updated: 10.31.2004

CERT and NISCC H.323 Security Advisory - Emblaze-VCON Response

Emblaze-VCON Product: Escort, Cruiser75/150, Cruiser384, MC6000, MC8000, MC9000, MXM, VCB, VDK, vCLIP, ViGO, Falcon, IPNexus, vPoint, vPDK, Bcast Viewer, SecureConnect, IGC2000, VCB2000, HD100, HD5000, Conference Moderator
Non-Emblaze-VCON Product:

Problem Description:
What is Emblaze-VCON's response to the NISCC advisory on the vulnerabilities of systems using the H.323 stack?

Resolution:
January 29, 2004 (Updated February 9, 2004)
Technical notification re: CERT & NISCC Advisory on H.323 Protocol
Recently, the National Infrastructure Security Co-ordination Centre (NISCC) in the United Kingdom posted an advisory regarding potential vulnerabilities in products utilizing the H.323 protocol. The University of Oulu, Finland reported that potential vulnerabilities were detected in a test environment. These vulnerabilities may cause a denial of service (DoS) on certain systems, making them hang or reboot, when the unit is placed unprotected on the Internet. The advisory stated that products which support the H.323 protocol could be affected by these vulnerabilities. More NISCC information can be found at the following web site: http://www.uniras.gov.uk/vuls/2004/006489/h323.htm.
Emblaze-VCON is aware of the advisory and is aware that the common third-party H.323 stack used by Emblaze-VCON and other vendors may be subject to the vulnerabilities mentioned by the NISCC. Emblaze-VCON has taken the advisory software procedure and is currently testing for any potential vulnerabilities or security-related issues on all Emblaze-VCON H.323 products.
At this time there have been no reported instances of this issue compromising video or audio information in a conference or causing loss of sensitive data. For now, Emblaze-VCON recommends that our customers continue to use their systems, but implement security measures when the system must be placed unprotected on the Internet. Additionally, Q1-2005 software enhancement releases for most Emblaze-VCON endpoint and infrastructure products will resolve this vulnerability risk via the inclusion of an updated H.323 protocol stack.
Emblaze-VCON will update the Support Notes section of the Emblaze-VCON website with any new information as it becomes available. Emblaze-VCON encourages anyone who experiences issues they think are related to this NISCC advisory to report them to Emblaze-VCON as soon as possible.

Related Notes or Documents:
none