Multiple AudioCodes Desk Phone and Zoom Zero Touch Flaws Enable Remote Attacks

According to reports, several vulnerabilities were discovered in Zoom's Zero Touch Provisioning (ZTP) that allow threat actors to gain full remote administrative control of the devices, enabling activities such as eavesdropping, pivoting through devices, and building a botnet from compromised devices.

In addition, the cryptographic routines used by AudioCodes devices can be reconstructed to decrypt sensitive information such as passwords and configurations, which are obtainable because of improper authentication.

How Zoom's Zero Touch Provisioning Works

The ZTP feature is used to automatically provision certified hardware such as VoIP devices, ensuring that they receive all the information needed for operation: server addresses, account information, and firmware updates.

Zoom's ZTP supports a wide range of devices and is one of the most reliable providers for integrating traditional devices. An IT administrator can use ZTP to assign a device to a user and set configurations, which the device then queries while it is still at factory settings.

Figure: Zoom ZTP workflow (Source: SySS)

ZTP uses certificate-based authentication between the device and the ZTP service, also known as mutual TLS. The ZTP service verifies that the MAC address in the device certificate exactly matches the requested configuration, which makes it hard for threat actors to extract device certificates; however, there is no second authentication step such as a one-time password.

Assigning a device is done through Zoom Phone's administrative panel by adding MAC addresses. This means that a threat actor holding the necessary Zoom Phone licences can register arbitrary MAC addresses and assign them to a self-defined configuration template.

The attacker controls a malicious C2 server on which the malicious firmware package is stored. By adding the device to the attacker's Zoom account, the device is directed to that server and downloads the firmware package together with a malicious configuration, resulting in a complete takeover of the device.
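The weakness described above is that the provisioning decision rests on a MAC address match alone. The following model, added here as an illustration and not Zoom's or AudioCodes' code, places that MAC-only policy next to a hardened one that additionally requires a per-device ownership proof (a claim code, standing in for the missing one-time password) and only serves firmware that verifies under a pinned vendor key. The MAC addresses, claim codes, keys and firmware blobs are constructed sample values; the use of HMAC for the firmware signature is a simplification, as a real device would verify an asymmetric signature against a public key held in an immutable root of trust rather than embed a secret key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# ---- Constructed sample data (not real keys, MACs or vendor values) -------

# Stand-in for the vendor's firmware signing key. A real design verifies an
# asymmetric signature with a public key pinned in an immutable root of trust,
# so no secret has to live on the device (contrast the hard-coded-key finding).
VENDOR_KEY = b"constructed-vendor-firmware-signing-key"

# Per-device ownership proofs (e.g. a claim code printed on the unit) that the
# vendor shares with the provisioning service. Constructed values.
DEVICE_CLAIM_CODES = {
    "00:11:22:33:44:55": "CLAIM-7F3A9C",
}


@dataclass
class Assignment:
    """A tenant's registration of a MAC address against a config template."""
    tenant: str
    mac: str
    firmware: bytes                     # package the tenant's template points at
    firmware_sig: str                   # signature shipped with the package
    claim_code: Optional[str] = None    # ownership proof (hardened policy only)


def normalise_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")


def sign_firmware(blob: bytes, key: bytes = VENDOR_KEY) -> str:
    """Vendor-side signing; HMAC stands in for a real asymmetric signature."""
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def firmware_is_trusted(blob: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign_firmware(blob), sig)


def provision_weak(assignments, cert_mac):
    """MAC-only matching: the first tenant to register the MAC is served, and
    whatever its template points at is handed to the device."""
    mac = normalise_mac(cert_mac)
    for a in assignments:
        if normalise_mac(a.mac) == mac:
            return {"tenant": a.tenant, "firmware": a.firmware}
    return None


def provision_hardened(assignments, cert_mac):
    """Same MAC check, plus: the registration must carry a valid ownership
    proof for that MAC, and the firmware must verify under the pinned key."""
    mac = normalise_mac(cert_mac)
    expected = DEVICE_CLAIM_CODES.get(mac)
    if expected is None:
        return None                      # unknown device: do not provision
    for a in assignments:
        if normalise_mac(a.mac) != mac:
            continue
        if a.claim_code is None or not hmac.compare_digest(a.claim_code, expected):
            continue                     # registration without ownership proof is ignored
        if not firmware_is_trusted(a.firmware, a.firmware_sig):
            return None                  # refuse rather than load unverified code
        return {"tenant": a.tenant, "firmware": a.firmware}
    return None


def demo():
    """Two tenants register the same MAC; the rogue one registered first."""
    mac = "00:11:22:33:44:55"
    rogue_fw = b"constructed-rogue-firmware"
    owner_fw = b"constructed-vendor-firmware-v2"
    rogue = Assignment("rogue-tenant", mac, rogue_fw,
                       sign_firmware(rogue_fw, b"constructed-attacker-key"))
    owner = Assignment("real-owner", mac, owner_fw,
                       sign_firmware(owner_fw), claim_code="CLAIM-7F3A9C")
    return {
        "weak": provision_weak([rogue, owner], mac),
        "hardened": provision_hardened([rogue, owner], mac),
    }


if __name__ == "__main__":
    for policy, result in demo().items():
        print(f"{policy:9s} -> {result['tenant'] if result else 'refused'}")
```

Under the weak policy the rogue registration wins simply because it was entered first; under the hardened policy it is skipped for lacking an ownership proof, and even a registration with a valid proof is refused if the firmware it points at does not verify, so a tenant-supplied template can never by itself cause unverified code to be loaded.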

A complete report on this threat vector and related findings has been published by SySS and was presented at Black Hat USA 2023.

Vulnerability Summary

Product                           Vulnerability Type                                                     SySS ID         CVE ID
AudioCodes IP-Phones (UC)         Use of Hard-coded Cryptographic Key (CWE-321)                          SYSS-2022-052   CVE-2023-22957
AudioCodes Provisioning Service   Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)   SYSS-2022-053   N.A.
AudioCodes IP-Phones (UC)         Use of Hard-coded Cryptographic Key (CWE-321)                          SYSS-2022-054   CVE-2023-22956
AudioCodes IP-Phones (UC)         Missing Immutable Root of Trust in Hardware (CWE-1326)                 SYSS-2022-055   CVE-2023-22955
Zoom Phone System Management      Unverified Ownership (CWE-283)                                         SYSS-2022-056   N.A.

Source: https://cybersecuritynews.com/zoom-zero-touch-flaws-enable-remote-attacks/

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO