A recent report points out that it is possible to abuse Session Initiation Protocol (SIP) in order to deploy a cross-site scripting (XSS) attack. Juxhin Dyrmishi Brigjaj of Enable Security mentions that this protocol, used to manage communications through services including VoIP, audio and instant messaging, can be used as a conduit for attacks based on software applications.

The main risks are the deployment of XSS attacks, evasion of security measures such as the same-origin policy and the launch of phishing attacks and malware injections.

According to Brigjaj, in the worst case this could lead to unauthenticated remote compromise of critical systems. The researcher used as an example the case of VoIPmonitor, an open source network packet tracker used by system administrators to analyze the quality of VoIP calls based on some network parameters.

A severe vulnerability in the software’s graphical user interface (GUI) was previously detected during a security audit. One of the features of the GUI is the monitoring of sip device registration requests. The monitoring system includes the type of device that sent the SIP log message through a user-agent header value.

This value is represented in the DOM of the user’s web browser, so threat actors could abuse this to lead to a malicious code execution condition: “This could be non-functional in real scenarios, although we must keep in mind that this code runs in an administrator’s browser and is stored there for a period of time.”

The expert adds that remote code execution could lead to privilege escalation and persistent administrator access for threat actors. To do this, the malicious hacker requires the creation of an administrator account to store a JavaScript payload, which means that the vulnerability could have consequences that include exfiation of data and traffic, hijacking of other administrator accounts and the implementation of malware such as keyloggers or backdoor.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Zero day XSS vulnerability is SIP protocol can be exploited to take control of VOIP servers and communications appeared first on Information Security Newspaper | Hacking News.

You May Also Like

Zero day vulnerability in Codester Medisol, a doctors’ patient management system

Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a…

Important vulnerability in CyberArk Identity security solution

Cybersecurity specialists report the detection of a critical vulnerability in Cyberark Identity,…

How to temporarily fix SpringShell? Zero-day vulnerability in Spring Core

After multiple reports surfaced over the past week, Spring confirmed the remote…

Threat actors are actively exploiting a critical vulnerability, CVE-2021-20038, in SonicWall Secure Mobile Access (SMA) gateways. Update immediately

Cybersecurity specialists report that hacking groups are actively exploiting CVE-2021-20038, a severe…