BroadWorks Call Detail Record Disclosure Vulnerability

Users of BroadWorks please be advised of a Call Detail Record Disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

BroadWorks-SA-11/02/2010: BroadWorks Call Detail Record Disclosure Vulnerability
Affected Software: BroadWorks <= R16
+———–+
|Description|
+———–+

Security-Assessment.com discovered an issue regarding privilege
separation between different enterprise groups within BroadWorks.
This issue allows a user with Attendant Console privileges to
view and record live call detail records for any user of the
system, including users from other organisations.Read more at http://www.criticalwatch.com

 

Advertisements