Potential Vulnerability in teams environment – anynode is not affected

Potential Vulnerability in teams environment – anynode is not affected

Some days ago, a potential vulnerability has become known where the default configuration of another suppliers SBC was not secured enough and potentially allowed toll-fraud or phishing attacks when used in context with Microsoft Teams Direct Routing: Blog Post Abusing Microsoft Teams Direct Routing

anynode is not susceptible to this attack, as the Wizard creating the MS Teams Direct Routing node creates a specific filter for the exact IP ranges that Microsoft has specified in its documentation. For incoming MS Teams Direct Routing TLS connections, anynode’s Wizard activates mutual TLS, and anynode checks whether the certificate presented by the remote peer was created by one of the two CAs that are specified by Microsoft.

Additionally, the customer can tighten security even more by requiring the certificates presented by the remote side to contain one of the following SANs:
sip.pstnhub.microsoft.com
sip2.pstnhub.microsoft.com
sip3.pstnhub.microsoft.com

TE-SYSTEMS will be supplying a new anynode version (4.6.26) next week, which will optionally reconfigure existing MS Teams nodes with the SAN-filtering shown above.