Canadian telecom providers affected by SOLEO IP relay vulnerability

Once again, the telecommunication sector has been threatened by a major cybersecurity issue. This time, the affectees include several Internet Service Providers (ISPs) from Canada. Reportedly, a vulnerability in the SOLEO IP Relay affected these ISPs as all of them ran the same vulnerable software. However, by applying Soleo’s patch, these ISPs are now safe.

Reportedly, two researchers at Project Insecurity Dominik Penner and Manny Mand published a detailed white paper about a zero-day vulnerability in the software and informed everyone about it via a tweet.

The researchers discovered a local file disclosure vulnerability in the TRS (Telecommunications Relay Services), or the IP-Relay.

An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.

As stated in their vulnerability report, “This vulnerability exists due to the fact that there is improper sanitization on the “page” GET parameter in servlet/IPRelay… A determined attacker (APT/foreign entity) could leverage this vulnerability to steal passwords from configuration files across multiple providers.”

The flaw was in disability services that allow people who are deaf, hard of hearing, or have a speech disorder to place calls through a text telephone or other assistive devices.

As stated in their vulnerability report, “This vulnerability exists due to the fact that there is improper sanitization on the “page” GET parameter in servlet/IPRelay… A determined attacker (APT/foreign entity) could leverage this vulnerability to steal passwords from configuration files across multiple providers.”

Explaining further about the impact of this vulnerability, the researchers state, “Within the source code lies passwords which allow the servlet to communicate with other services, such as SQL/LDAP. An attacker could extract these passwords from within the source files, and further escalate their privileges on the server or even use said information in a social engineering attack. The end result could be escalated to yield remote code execution.”

Leave a Reply