Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Cisco VoIP vulnerabilities. - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco VoIP vulnerabilities.
Cisco announced software updates to address 5 Cisco Bug IDs for 3 separate DOS vulnerabilities that affect two of their VoIP products.
Summary:
Cisco Security Advisory: Multiple Cisco Unified CallManager (CUCM) and
Cisco Unified Presence Server (CUPS) Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20070328-voip
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml

Vulnerable Products
* Cisco Unified CallManager 3.3 versions prior to 3.3(5)SR2a
* Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR4
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR1
* Cisco Unified CallManager 5.0 versions prior to 5.0(4a)SU1
* Cisco Unified Presence Server 1.0 versions prior to 1.0(3)

There are no workarounds.

Mitigation:
Filtering traffic as follows for affected CUCM / CUPS systems can be used as a mitigation technique:

Permit TCP port 2000 (SCCP) and TCP port 2443 (SCCPS) to CUCM systems only from VoIP endpoints.

ICMP Echo Requests (type 8) should be blocked for CUCM and CUPS systems. This may affect network management applications and troubleshooting procedures.

UDP Port 8500 (IPSec Manager) should only be permitted between CUCM / CUPS systems configured in a cluster deployment.
donald

206 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!