Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cisco VoIP vulnerabilities.

Published: 2007-03-29
Last Updated: 2007-03-29 16:22:43 UTC
by donald smith (Version: 1)
0 comment(s)
Cisco announced software updates to address 5 Cisco Bug IDs for 3 separate DOS vulnerabilities that affect two of their VoIP products.
Summary:
Cisco Security Advisory: Multiple Cisco Unified CallManager (CUCM) and
Cisco Unified Presence Server (CUPS) Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20070328-voip
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml

Vulnerable Products
* Cisco Unified CallManager 3.3 versions prior to 3.3(5)SR2a
* Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR4
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR1
* Cisco Unified CallManager 5.0 versions prior to 5.0(4a)SU1
* Cisco Unified Presence Server 1.0 versions prior to 1.0(3)

There are no workarounds.

Mitigation:
Filtering traffic as follows for affected CUCM / CUPS systems can be used as a mitigation technique:

Permit TCP port 2000 (SCCP) and TCP port 2443 (SCCPS) to CUCM systems only from VoIP endpoints.

ICMP Echo Requests (type 8) should be blocked for CUCM and CUPS systems. This may affect network management applications and troubleshooting procedures.

UDP Port 8500 (IPSec Manager) should only be permitted between CUCM / CUPS systems configured in a cluster deployment.
Keywords:
0 comment(s)
Diary Archives