A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| https://twitter.com/mishradhiraj_/status/1001664440759091207 | third party advisory |
| https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html | third party advisory |
| http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html | third party advisory |
| https://twitter.com/mishradhiraj_/status/1001664204485652482 | third party advisory |