Author Topic: Vulnerabilities  (Read 2530 times)

Offline pakman

Vulnerabilities
« on: April 30, 2011, 10:54:04 AM »
Hello,

Does anyone else have the following issues? We have a third party doing vulnerability scanning on our networks, and when it comes back with hits on our PBX I cannot seem to find any resolutions online. I


Offline ralph

Re: Vulnerabilities
« Reply #1 on: April 30, 2011, 11:45:44 AM »
What kind of hits are coming back?

Ralph

Offline pakman

Re: Vulnerabilities
« Reply #2 on: May 02, 2011, 01:36:26 PM »
Hi Ralph,

Just to name a few: "J2EE Servlet WEB-INF Arbitrary File Read", "FTP Bounce Scan". If you would like the descriptions, I'll post them. They're just a bit lengthy is all.

Thanks

Offline Chakara

Re: Vulnerabilities
« Reply #3 on: May 03, 2011, 09:58:04 PM »
  That is interesting.  I'd love the whole report with their details.  If too large to attach (assuming you'd want to) then PM me and we'll figure something out.

  Now, my experience with these "scanner" security guys is they just look for anything.  MANY things as reported aren't bad, but instead desired or at least harmless.  Typically you have to spend a lot of time to understand them so you can decide the real implications.  Then with that knowledge in hand, how (or if) to deal with them.

  Often their descriptions don't match the original vulnerability description or the software manufacturer's description, so you have to do a lot of analysis of their typically vague descriptions to match them up with what specific issue they are pointing out.  Can be very time consuming to advise someone on how to proceed.

  I know, having talked in person with the head of systems security at Mitel, that they take it seriously.  Not that they are perfect.

  Also, what type of Mitel system are you running, and what software version?

-Chak
