BroadWorks Call Detail Record Disclosure Vulnerability

Users of BroadWorks please be advised of a Call Detail Record Disclosure vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

BroadWorks-SA-11/02/2010: BroadWorks Call Detail Record Disclosure Vulnerability

Affected Software: BroadWorks <= R16

+-----------+ |Description| +-----------+ Security-Assessment.com discovered an issue regarding privilege separation between different enterprise groups within BroadWorks. This issue allows a user with Attendant Console privileges to view and record live call detail records for any user of the system, including users from other organisations.Read more at www.criticalwatch.com

 

See this Amp at http://amplify.com/u/eov2