Cisco VoIP vulnerabilities.
Cisco announced software updates to address 5 Cisco Bug IDs for 3 separate DOS vulnerabilities that affect two of their VoIP products.
Summary:
Cisco Security Advisory: Multiple Cisco Unified CallManager (CUCM) and
Cisco Unified Presence Server (CUPS) Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20070328-voip
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml
Vulnerable Products
* Cisco Unified CallManager 3.3 versions prior to 3.3(5)SR2a
* Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR4
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR1
* Cisco Unified CallManager 5.0 versions prior to 5.0(4a)SU1
* Cisco Unified Presence Server 1.0 versions prior to 1.0(3)
There are no workarounds.
Mitigation:
Filtering traffic as follows for affected CUCM / CUPS systems can be used as a mitigation technique:
Permit TCP port 2000 (SCCP) and TCP port 2443 (SCCPS) to CUCM systems only from VoIP endpoints.
ICMP Echo Requests (type 8) should be blocked for CUCM and CUPS systems. This may affect network management applications and troubleshooting procedures.
UDP Port 8500 (IPSec Manager) should only be permitted between CUCM / CUPS systems configured in a cluster deployment.
Summary:
Cisco Security Advisory: Multiple Cisco Unified CallManager (CUCM) and
Cisco Unified Presence Server (CUPS) Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20070328-voip
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml
Vulnerable Products
* Cisco Unified CallManager 3.3 versions prior to 3.3(5)SR2a
* Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR4
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR1
* Cisco Unified CallManager 5.0 versions prior to 5.0(4a)SU1
* Cisco Unified Presence Server 1.0 versions prior to 1.0(3)
There are no workarounds.
Mitigation:
Filtering traffic as follows for affected CUCM / CUPS systems can be used as a mitigation technique:
Permit TCP port 2000 (SCCP) and TCP port 2443 (SCCPS) to CUCM systems only from VoIP endpoints.
ICMP Echo Requests (type 8) should be blocked for CUCM and CUPS systems. This may affect network management applications and troubleshooting procedures.
UDP Port 8500 (IPSec Manager) should only be permitted between CUCM / CUPS systems configured in a cluster deployment.
Keywords:
0 comment(s)
Comments