"Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping"

Multiple security flaws in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) could be exploited by an adversary to conduct remote attacks. Using the vulnerabilities discovered in AudioCodes desk phones and Zoom's ZTP feature, an external attacker can gain complete remote control of the devices, according to an analysis by a SySS security researcher. The unrestricted access could then be used to eavesdrop on rooms or phone conversations, pivot through the devices to attack corporate networks, and even assemble a botnet of infected devices. This article continues to discuss the potential exploitation and impact of the vulnerabilities in AudioCodes desk phones and Zoom's ZTP.

THN reports "Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping"