Experts at McAfee Advanced Threat Research say they were just doing
general studies of Avaya desk phone security when they stumbled on the
reincarnated bug.
An attacker could exploit it to take over the phone’s
operations, extract audio from calls, and even essentially bug the phone
to spy on its surroundings.
“It was kind of a holy crap moment,” says Steve Povolny, McAfee's head of advanced threat research...
Though a fix is now available (again), the McAfee researchers note that
it will take time for the patch to distribute out to all the corporate
and institutional environments where vulnerable phones are lurking on
every desk. more
My past posts about Avaya eavesdropping vulnerabilities.
Update: Avaya is second only to Cisco in the enterprise VoIP market, and is used by almost all of the Fortune 100. The company's response and advisory notice can be found here.