|
|
|
|
| |
Credit:
The information has been provided by Cisco PSIRT.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
|
| |
Vulnerable Systems:
* Cisco Unified Communications Manager version 4
* Cisco Unified Communications Manager version 5
* Cisco Unified Communications Manager version 6
* Cisco Unified Communications Manager version 7
Immune Systems:
* Cisco Unified Communications Manager Express
* Cisco Unified Communications Manager version 5.1(3g)
* Cisco Unified Communications Manager version 6.1(4)
* Cisco Unified Communications Manager version 7.1(2a)SU1
Malformed SIP Message Vulnerabilities
Cisco Unified Communications Manager contains two DoS vulnerabilities that involve the processing of SIP packets. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities.
The first SIP DoS vulnerability is documented in Cisco Bug ID CSCsi46466 and has been assigned the CVE identifier CVE-2009-2050. The first vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(1) and later.
Cisco Unified Communications Manager 4.x versions are only affected by the first SIP DoS vulnerability if a SIP trunk is explicitly configured. To determine if a SIP truck is configured on a Cisco Unified Communications Manager version 4.x system, navigate to Device > Trunk and choose the option SIP Trunk in the Cisco Unified Communications Manager administration interface. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points.
The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. The second vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), and 7.1(2).
Network Connection Tracking Vulnerability
Cisco Unified Communications Manager contains a DoS vulnerability that involves the tracking of network connections by the embedded operating system firewall. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP.
This vulnerability is documented in Cisco Bug ID CSCsq22534 and has been assigned the CVE identifier CVE-2009-2052. The vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2), and 7.1(2).
Related SIP and SCCP DoS Vulnerabilities
Cisco Unified Communications Manager contains two DoS vulnerabilities involving the processing of SIP and SCCP packets. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected.
The SCCP vulnerability is documented in Cisco Bug ID CSCsx32236 and has been assigned the CVE identifier CVE-2009-2053. The SCCP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2).
The SIP vulnerability is documented in Cisco Bug ID CSCsx23689 and has been assigned the CVE identifier CVE-2009-2054. The SIP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2a)su1.
Workarounds
There are no workarounds for the vulnerabilities in this advisory. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers.
Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml
Patch Availability:
Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. There are no workarounds for these vulnerabilities. This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
--------------------------------------------------------------------------------------------------------------------------------
Find out more about SQL injection and eliminate the opportunity to exploit it on your site.
+
|
|
|
|
|
