Mitel Forums - The Unofficial Source

Mitel Forums => Mitel MiVoice Business/MCD/3300 => Topic started by: pakman on April 30, 2011, 10:54:04 AM

Title: Vulnerabilities
Post by: pakman on April 30, 2011, 10:54:04 AM
Hello,

Does anyone else have the following issues? We have a third party doing vulnerability scanning on our networks, and when it comes back with hits on our PBX I cannot seem to find any resolutions online. I
Title: Re: Vulnerabilities
Post by: ralph on April 30, 2011, 11:45:44 AM
What kind of hits are coming back?

Ralph
Title: Re: Vulnerabilities
Post by: pakman on May 02, 2011, 01:36:26 PM
Hi Ralph,

Just to name a few: "J2EE Servlet WEB-INF Arbitrary File Read", "FTP Bounce Scan". If you would like the descriptions, I'll post them. They're just a bit lengthy is all.

Thanks
Title: Re: Vulnerabilities
Post by: Chakara on May 03, 2011, 09:58:04 PM
  That is interesting.  I'd love the whole report with their details.  If too large to attach (assuming you'd want to) then PM me and we'll figure something out.

  Now, my experience with these "scanner" security guys is they just look for anything.  MANY things as reported aren't bad, but instead desired or at least harmless.  Typically you have to spend a lot of time to understand them so you can decide the real implications.  Then with that knowledge in hand, how (or if) to deal with them.

  Often their descriptions don't match the original vulnerability description or the software manufacturer's description, so you have to do a lot of analysis of their typically vague descriptions to match them up with what specific issue they are pointing out.  Can be very time consuming to advise someone on how to proceed.

  I know, having talked in person with the head of systems security at Mitel, that they take it seriously.  Not that they are perfect.

  Also, what type of Mitel system are you running, and what software version?

-Chak