Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Anyone patching the 96xx phone vulnerability yet? 1

Status
Not open for further replies.
Sort by date Sort by votes
Same here. Been updating (having some trouble getting the update to take on all phones but I don't think it is the firmware itself--just that sending remote command to reregister doesn't seem to get the phones to pick up firmware on r11 fp4 sp1)
 
Upvote 0 Downvote
The public statement from Avaya.


TO: AVAYA SALES, PARTNERS, AND CUSTOMERS

REGARDING: RECENT NEWS ARTICLES ABOUT AVAYA H.323 PHONE VUNERABILITY

You may have seen or received questions about a security issue with certain Avaya desktop phones due to recent news articles.

This concern is regarding a 10 year old bug that re-surfaced on certain Avaya desktop and conferencing phones.

Please be aware that:

- This issue only affects 9608, 9608G, 9611G, 9621G, 9641G, 9641GS, B189, J169, and J179 devices using H.323 signaling. Those same devices using SIP signaling are unaffected.

- This issue has already been addressed in the June 25th release of software (version 6.8.2) for these devices.

IF you would like to better understand this or to be better able to address any questions you may receive, please review the Avaya Security Advisory (ASA) ASA-2019-128 issued on July 18, 2019 that can be found at this link (
You may also provide this link to anyone else that is interested in this matter.

This ASA contains a link to Avaya’s Product Vulnerability Response Policy ( that provides more details on the formal structure that Avaya uses to monitor, assess, and notify stakeholders of potential security issues.

In addition, any inquiries can be best responded to with the following statement:

“Avaya has a clear and well-defined policy that requires our products to use the most recent software release to make sure security issues are addressed in a timely manner.

With respect to the security issue identified in ISC DHCP, Avaya issued a security advisory ( on July 18, 2019 that addresses and resolves the identified risk. Avaya thanked Philippe Laulheret for his responsible disclosure and cooperation with Avaya during the handling of this matter.

Customers should always make sure that physical access to communications devices are limited to approved personnel to prevent physical tampering with these devices by unauthorized entities.”

THANK YOU!

No I don't write all the manuals. No I don't code the software. No I don't design the phones.
 
Upvote 0 Downvote
Shoot. More of a reason to get a couple older CM 5 systems replaced that we were on the fence about (since the update doesn't go back to CM 5 systems).

OP: funny enough, I was wondering if this thread of yours ever got resolved: Running into something similar with the provider insistent the static is not their fault and have tried just about everything except for a full chassis swap. Sorry for the random post, lurker/occasional poster and the thread is closed and I don't think?? we can send PM's here.
 
Upvote 0 Downvote
Keep in Mind, while the patch was resolved in June, the R11 SP1 is still running 6.6.6 for 96x1 sets...

will need to download the 6.8.2 to resolve this issue.....

 
Upvote 0 Downvote
Keep in mind for your older systems. They will need to be upgraded. We've got a customer with a mix of 5400 and 9600 series phones running on 10.0 SP3. They want them patched but have to get rid of 5400 series first.

The Avaya IP Deskphones/IP Phones using Avaya Deskphone H.323 Release 6.8.2 software are supported on:
• IP Office™ 10.0 SP7
• IP Office™ 10.1 SP3
• IP Office™ 11.0 and associated service packs (all models except J169/J179)

If vegetarians love animals so much, why are they eating all of their food?
 
Upvote 0 Downvote
What service pack are you running? You might be able to make and receive calls but many button features stopped working after SP3.
Plus, they are not supported by Avaya. Why would you be running a supported version of IPO but not the phones?
Just because you can doesn't mean you should.

If vegetarians love animals so much, why are they eating all of their food?
 
Upvote 0 Downvote
All releases of R10
10.1 no sp and sp1.
5400 and 5600 phones.
no issues
not issues with buttons.
 
Upvote 0 Downvote
Not supported doesn't mean not working.
But I had issues with some phone types not working on a release and another one on the same release had no problems with the same phones.
Seems it also has to do with hardware and the tide and the time of day it was upgraded .... :) could never make a 100% prediction if stuff really works after the upgrades.

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

K
  • Locked
  • Question
96xx IP Phone not update.
Replies
7
Views
503
derfloh
derfloh
Schwenki
  • Locked
  • Question
Avaya IP Office Vulnerability (CVE-2024-4196) / (CVE-2024-4197)
Replies
3
Views
353
sizbut
sizbut
Rhinorhino
  • Locked
  • Question
Broken 96xx stands 2
Replies
1
Views
110
Westi
Westi
comfortinntechci.com
  • Locked
  • Question
Magnetic Door Phone installation
Replies
1
Views
239
budbyrd
budbyrd
bbrown3730
  • Locked
  • Question
All of a sudden in IP Office outside calls show the main BTN and not the actual extension of the user making the phone call. How can I fix this?
Replies
4
Views
413
Ivan_Cohen
Ivan_Cohen

Part and Inventory Search

Sponsor

Back
Top