In March, NTA Monitor warned Nortel of a vulnerability in the way the Contivity VPN software stores passwords. Now the same company is back with a new alert.
NTA's experts have discovered a vulnerability in Nortel VPN routers that allows hackers to launch denial-of-service (DoS) attacks.
The vulnerability is caused by an error in routing IKE packets and can be exploited by means of an IKE packet containing a specially modified ISAKMP header.
Regarding this problem, Roy Hills, technical director of NTA Monitor, stated: "We have determined that it's possible for an attacker with modest resources to scan the entire routed internet address space within a few weeks and thus find all of the Nortel VPN router systems."
NTA advises all companies to install the patch that Nortel released on Friday.