Whitepaper: Unintended lateral movement by privileged users through VoIP switches utilizing Centralized Directories for Interswitch Routing
Oct 2020 Albert, N.
This whitepaper discusses an unintended configuration-based (non-technical) vulnerability that allows privileged users of a peer-to-peer VoIP network relying on a centralized directory for the purposes of interswitch routing to move laterally from switches participating in the peer-to-peer network to private switches that do not necessarily have a public presence, which may be potentially undesired behavior. The vulnerability stems not from any particular technical vulnerabilities but from operational and configurational oversights. The factors that allow a successful exploit to occur are discussed as well as several possible mitigations.
Suggested Citation: Albert, N. Whitepaper: Unintended lateral movement by privileged users through VoIP switches utilizing Centralized Directories for Interswitch Routing (10/6/2020). Available at https://public.interlinked.us/2