CERT-In Vulnerability Note CIVN-2008-63
Cisco Unified Communications Manager Denial of Service Vulnerabilities
Original Issue Date:
May 23, 2008
Severity Rating:
High
System Affected
- Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
- Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
- Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
- Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
- Cisco Unified Communications Manager 6.x versions prior to 6.1(1)
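The affected-version list above can be turned into an inventory check. The following is an added example, not code from CERT-In or Cisco; the function names and the sample inventory are hypothetical. It assumes releases order as (major, minor, maintenance, SR) and that letter suffixes such as the "a" in 6.0(1a) can be ignored.

```python
import re

# Fixed releases from the "System Affected" list as (major, minor, maintenance, SR).
# 4.x entries apply per train; the 5.x and 6.x entries cover the whole major version.
FIXED = {
    "4.1": (4, 1, 3, 7),  # 4.1.3SR7
    "4.2": (4, 2, 3, 4),  # 4.2(3)SR4
    "4.3": (4, 3, 2, 0),  # 4.3(2)
    "5": (5, 1, 3, 0),    # 5.1(3)
    "6": (6, 1, 1, 0),    # 6.1(1)
}

# Accepts both notations used in the note: "4.2(3)SR4" and "4.1.3SR7".
_VERSION = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\((\d+)[a-z]?\)|\.(\d+)[a-z]?)?\s*(?:SR\s*(\d+)[a-z]?)?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (major, minor, maintenance, SR); missing parts count as 0."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, paren, dotted, sr = m.groups()
    return (int(major), int(minor), int(paren or dotted or 0), int(sr or 0))

def is_affected(text):
    """True if older than the fixed release, False if not, None if the
    release train is not listed in the note (assumption: unknown, not safe)."""
    v = parse_version(text)
    key = f"{v[0]}.{v[1]}" if v[0] == 4 else str(v[0])
    fixed = FIXED.get(key)
    return None if fixed is None else v < fixed

def audit(inventory):
    """Map each host to its is_affected() result."""
    return {host: is_affected(ver) for host, ver in inventory.items()}

# Constructed inventory for illustration only.
SAMPLE = {"cucm-pub": "4.2(3)SR3", "cucm-sub1": "5.1(3)",
          "cucm-sub2": "6.0(1a)", "cucm-lab": "7.0(1)"}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, SAMPLE[host], result)
```

A result of `None` means the note gives no fixed release for that train, so the host needs a manual check against the vendor advisory.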
Overview
Multiple vulnerabilities have been reported in Cisco Unified Communications Manager, formerly Cisco CallManager. An attacker who exploits these vulnerabilities may cause an interruption in voice services. A remote user can send specially crafted data to cause the target service to crash. The Certificate Trust List (CTL) Provider, Certificate Authority Proxy Function (CAPF), Session Initiation Protocol (SIP), and Simple Network Management Protocol (SNMP) Trap services are affected by these vulnerabilities.
Description
1. Cisco Unified Communications Manager CTL Provider Denial of Service Vulnerability (CVE-2008-1742, CVE-2008-1743)
Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It is a software-based IP call agent platform sold by Cisco Systems. The Certificate Trust List (CTL) file contains a server certificate, public key, serial number, signature, issuer name, subject name, server function, DNS name, and IP address for each server.
A memory consumption vulnerability exists in the Certificate Trust List (CTL) Provider service of Cisco Unified Communications Manager version 5.x that can create a denial of service (DoS) condition. The service fails to properly handle a series of TCP requests. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted TCP packets to TCP port 2444 to consume all available memory, resulting in a denial of service. In versions 5.x and 6.x, the same attack triggers a separate flaw and causes excessive memory consumption.
2. Certificate Authority Proxy Function Related Vulnerability (CVE-2008-1744)
The Certificate Authority Proxy Function (CAPF) utility is used to create and manage locally significant certificates. The CAPF utility generates a key pair and certificate that is specific for CAPF, and the utility copies this certificate to all Cisco CallManager servers in the cluster.
A vulnerability exists in the Certificate Authority Proxy Function (CAPF) service of Cisco Unified Communications Manager versions 4.1, 4.2 and 4.3. An attacker may exploit it by sending specially crafted data to TCP port 3804 to cause a denial of service condition.
3. Session Initiation Protocol (SIP)-Related Vulnerabilities (CVE-2008-1745, CVE-2008-1747, CVE-2008-1748)
Session Initiation Protocol (SIP) is a signalling protocol widely used for multimedia communication sessions. The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams.
Cisco Unified Communications Manager versions 5.x and 6.x contain a vulnerability in the handling of malformed SIP JOIN messages that may cause Cisco Unified Communications Manager to terminate, resulting in a DoS condition. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious SIP messages to the affected system.
Cisco Unified Communications Manager versions 4.1, 4.2, 4.3, 5.x and 6.x contain a vulnerability in the handling of SIP INVITE messages that may result in a DoS condition. The vulnerability exists due to an error in the implementation of the Session Initiation Protocol (SIP). An unauthenticated, remote attacker could exploit this vulnerability by sending SIP packets to the target system.
4. SNMP Trap-Related Vulnerability (CVE-2008-1746)
Simple Network Management Protocol (SNMP) consists of a set of standards used in network management systems to monitor network-attached devices for administration. An SNMP trap is a message that is initiated by a network element and sent to the network management system to report special conditions.
The SNMP Trap Agent service of Cisco Unified Communications Manager versions 4.1, 4.2, 4.3, 5.x and 6.x contains a vulnerability that may result in a DoS condition. A remote user can send a series of specially crafted UDP packets to the SNMP trap agent on UDP port 61441 to cause a denial of service condition.
Solution
Apply the appropriate patches as mentioned in Cisco Security Advisory cisco-sa-20080514-cucmdos.
Vendor Information
Cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=15783
http://tools.cisco.com/security/center/viewAlert.x?alertId=15789
http://tools.cisco.com/security/center/viewAlert.x?alertId=15823
http://tools.cisco.com/security/center/viewAlert.x?alertId=15780
References
US-CERT
http://www.us-cert.gov/current/index.html#cisco_releases_security_advisories1
X-Force
http://xforce.iss.net/xforce/xfdb/42410
AusCERT
http://www.auscert.org.au/render.html?it=9291
SecurityTracker
http://www.securitytracker.com/alerts/2008/May/1020022.html
CVE-Name
CVE-2008-1742
CVE-2008-1743
CVE-2008-1744
CVE-2008-1745
CVE-2008-1746
CVE-2008-1747
CVE-2008-1748
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
