GEN:SID 1:1819
Message MISC Alcatel PABX 4400 connection attempt
Summary This event is generated when an attempted connection is observed originating from outside the network to the management port to the Alcatel PBX Phone Switch.
Impact Remote access, denial of service, privilege escalation.  A successful attack may allow remote root access, shutdown of the device, or privlege escalation.
Detailed Information The Alcatel 4000 PBX Phone Switch allows remote management via port 2533. It has been reported that sending a payload of hexidecimal 000143 in the first packet after the three-way handshake to the management port allows access to the device.  There are known default usernames and passwords that, if not changed, will allow control of the device.  Additionally, if a remote user logs in with an account that belongs to the group "other", a shutdown may be performed.  And, improper assignment of permissions on sensitive directories may permit a user to overwrite files and possibly escalate privileges.
Affected Systems Alcatel 4400 PBX running real-time Chorus OS.
Attack Scenarios An attacker may attempt to use this exploit to gain root access, shutdown the system, or escalate privilege from user to root.
Ease of Attack Simple.
Corrective Action Block external access to the management port of the switch.
Additional References Nessus
http://cgi.nessus.org/plugins/dump.php3?id=11019
Rule References nessus: 11019