NEC's UNIVERGE® SV9100 is the unified communications (UC) solution of choice for small and medium businesses (SMBs) who don't want to be left behind. Designed to fit your unique needs, the UNIVERGE SV9100 platform is a powerful communications solution that provides SMBs with the efficient, easy-to-deploy, mobile technology that they require.
The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user. Attacker can also sniff the network and hijack the session id which resides in a GET request to further generate the config file. The sessionid can also be brute-forced because of its predictability containing 5-digit number. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, system access and denial of service via config modification.