CyberNews Briefs

Decade-old remote code execution bug found in phones used by Fortune 500

Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges.

The remote code execution (RCE) flaw affects an open-source component that was found to be vulnerable in 2009. However, Avaya never patched the customized version of this module that is used in the 9600 firmware. After McAfee disclosed the bug to Avaya, the company recently made a firmware patch available.

Read more: Decade-old remote code execution bug found in phones used by Fortune 500

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.