Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-0057 to a friend New vulnerability? New tool? Tell us	CVE-2009-0057 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability     Credit: The information has been provided by Cisco Systems Product Security Incident Response Team. The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-0057 Details Check for CVE-2009-0057 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)  * Cisco Unified Communications Manager 6.x versions prior to 6.1(3) Immune Systems:  * Cisco Unified Communications Manager version 4.x The CAPF service of Cisco Unified Communications Manager versions 5.x and 6.x contain a vulnerability when handling malformed input that may result in a DoS condition. The CAPF service is disabled by default; however, if it is enabled, the CAPF service listens by default on TCP port 3804 and the listening port is configurable by the user. There is a workaround for this vulnerability. This vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3e) and 6.1(3). This vulnerability is documented in Cisco Bug ID CSCsq32032 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-0057. Impact: Successful exploitation of the vulnerability described in this advisory may result in the interruption of voice services. Workarounds: To mitigate against this vulnerability, system administrators can disable the CAPF service if it is not necessary for business operations. Access to the CAPF service is only required if Cisco Unified Communications Manager systems and IP phone devices are configured to use certificates for a secure deployment. If phones are not configured to use certificates, then the CAPF service can be disabled. The CAPF service is controlled by the Cisco Certificate Authority Proxy Function menu selection. It is possible to mitigate the CAPF vulnerability by implementing filtering on screening devices if the CAPF service is required. If the CAPF service is enabled, allow access to TCP port 3804 only from networks that contain IP phone devices that require the CAPF service. The CAPF port is user configurable, and if modified, filtering on screening devices should be based on the TCP port that is used. For Cisco Unified Communications Manager 5.x and 6.x systems, please consult the following documentation for details on how to disable Cisco Unified Communications Manager services: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/5_0_1/ccmsrva/sasrvact.html#wp1048220 Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20090121-cucmcapf.shtml  Comments on CVE-2009-0057:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2017 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®